Escape column names properly

Always use the appropriate wrapping/escaping mechanism when generating SQL to prevent syntax errors and SQL injection vulnerabilities, especially when handling:

1. Functional expressions in columns: When dealing with columns that contain SQL functions or expressions, use a detection method before applying escaping:

protected static function isFunctionalExpression(string $column): bool
{
    return preg_match('/\(.+\)/', $column);
}

// Usage when building queries
$columns = collect($command->columns)
    ->map(fn (string $column) => self::isFunctionalExpression($column) ? $column : $this->wrap($column))
    ->implode(', ');

1. Column names that are SQL keywords: Database column names might conflict with SQL reserved keywords (like ‘create’, ‘table’, ‘order’). Always properly wrap these identifiers:

// DON'T rely on plain string interpolation
$query = "SELECT $column FROM users";

// DO use the query builder or wrap method
$query = $this->builder->select($this->wrap($column))->from('users');

1. Cross-database compatibility: Different database systems use different identifier quoting (MySQL uses backticks, PostgreSQL uses double quotes). Always use the database grammar’s wrap() method instead of hardcoding quote characters.

This practice prevents SQL errors when working with reserved words as column names, functional expressions in indexes, and ensures consistent behavior across different database systems.