Avoid potential SQL injections without breaking compatibility with plugins

libs/picodb/lib/PicoDb/Database.php

@@ -5,6 +5,7 @@ namespace PicoDb;
 use Closure;
 use PDOException;
 use LogicException;
+use PicoDb\SQLException;
 use PicoDb\Driver\Mssql;
 use PicoDb\Driver\Sqlite;
 use PicoDb\Driver\Mysql;
@@ -215,6 +216,11 @@ class Database
             return $value;
         }
 
+        // Avoid potential SQL injection
+        if (preg_match('/^[a-z0-9_]+$/', $value) === 0) {
+            throw new SQLException('Invalid identifier: '.$value);
+        }
+
         if (! empty($table)) {
             return $this->driver->escape($table).'.'.$this->driver->escape($value);
         }