SQL should not attempt to create database with strange names

[ezyang]

This rather odd trace was sent as RT 1334678

Fatal Error: UPDATE DB SET `bEnabled`=0 WHERE DB.Name = 'sloanfinance+''<br />
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''sloanfinance+''' at line 1 occured in /srv/web/main/lib/joe/mysql.lib.php on 22 at Mon Sep 6 16:04:43 EDT 2010

file: 22 - /srv/web/main/lib/joe/mysql.lib.php
call: trigger_error("UPDATE DB SET `bEnabled`=0 WHERE DB.Name = 'sloanfinance+''&lt;br ...", 256)

file: 25 - /srv/web/main/lib/joe/mysql.lib.php
call: DBInsert("UPDATE DB SET `bEnabled`=0 WHERE DB.Name = 'sloanfinance+''")

file: 396 - /srv/web/main/lib/security.lib.php
call: DBUpdate("UPDATE DB SET `bEnabled`=0 WHERE DB.Name = 'sloanfinance+''")

file: 211 - /srv/web/main/lib/security.lib.php
call: delDB("sloanfinance+'")

file: 39 - /srv/web/main/lib/proc.lib.php
call: User->delDB("sloanfinance+'")

file: 21 - /srv/web/main/main.php
call: proc::drop(Object(User), Array
(
[sloanfinance+'] => Yes
)
)


Array
(
[0] => /srv/web/main/main.php
[1] => /srv/web/main/mitsql.cfg.php
[2] => /usr/local/etc/sql-mit-edu.cfg.php
[3] => /srv/web/main/server.cfg.php
[4] => /srv/web/main/defaults.cfg.php
[5] => /srv/web/main/lib/mitsql.lib.php
[6] => /srv/web/main/lib/joe/util.lib.php
[7] => /srv/web/main/lib/dbaccess.lib.php
[8] => /srv/web/main/lib/joe/mysql.lib.php
[9] => /srv/web/main/lib/security.lib.php
[10] => /srv/web/main/lib/errorhandler.lib.php
[11] => /srv/web/main/lib/display.lib.php
[12] => /srv/web/main/global.act.php
[13] => /srv/web/main/lib/proc.lib.php
)

Array
(
[sql] => UPDATE DB SET `bEnabled`=0 WHERE DB.Name = 'sloanfinance+''
)