authorFrédéric Guillot <fred@kanboard.net>2014-10-08 21:49:25 -0400
committerFrédéric Guillot <fred@kanboard.net>2014-10-08 21:49:25 -0400
commita8418afdebe92dde495bc5010645779c73939b7b (patch)
treeda2928fbd0dda33b43b94fadd8fd8f89e297429f
parent0d4e12d6e5992749c31cc36036c12d600046f828 (diff)
Add Mysql escaping
-rw-r--r--app/Schema/Mysql.php4
-rw-r--r--vendor/PicoDb/Table.php4
2 files changed, 6 insertions, 2 deletions
diff --git a/app/Schema/Mysql.php b/app/Schema/Mysql.php
index ab618635..c7293a43 100644
--- a/app/Schema/Mysql.php
+++ b/app/Schema/Mysql.php
@@ -22,8 +22,8 @@ function version_29($pdo)
{
$pdo->exec("
CREATE TABLE settings (
- option VARCHAR(100) PRIMARY KEY,
- value VARCHAR(255) DEFAULT ''
+ `option` VARCHAR(100) PRIMARY KEY,
+ `value` VARCHAR(255) DEFAULT ''
)
");
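Review bot: Nothing next to the `CREATE TABLE settings` statement records why the column names are quoted, so a later edit could drop the backticks again. `OPTION` is a reserved word in MySQL; a comment above the `$pdo->exec(` call such as `// "option" is a reserved word in MySQL, keep the column names backtick-quoted` would make that explicit. version_29's body continues outside the hunk, so any later statement there that names the `option` column needs the same quoting; the other PicoDb change in this commit only covers the column list of SELECT queries.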
diff --git a/vendor/PicoDb/Table.php b/vendor/PicoDb/Table.php
index f13b4e11..9c6bf4f9 100644
--- a/vendor/PicoDb/Table.php
+++ b/vendor/PicoDb/Table.php
@@ -173,6 +173,10 @@ class Table
public function buildSelectQuery()
{
+ foreach ($this->columns as $key => $value) {
+ $this->columns[$key] = $this->db->escapeIdentifier($value);
+ }
+
return sprintf(
'SELECT %s %s FROM %s %s %s %s %s %s %s',
$this->distinct ? 'DISTINCT' : '',
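Review bot: The added loop writes the escaped names back into `$this->columns`, so building the query a second time on the same Table object passes already-quoted names to `escapeIdentifier()` again. Unless that method is idempotent (its body is not visible here), the second query gets a doubly quoted, invalid column list. Escaping into a local avoids the state change: `$columns = array_map(array($this->db, 'escapeIdentifier'), $this->columns);`, with `$columns` then used for the column-list argument of the `sprintf()` call, which appears to lie past the end of the hunk. The loop also treats every entry as a plain identifier, so it is worth confirming that `escapeIdentifier()` doubles any quote character embedded in a name and leaves `*`, qualified names and expressions usable if callers pass them. Column names that can originate from request data should still be checked against an allowlist rather than relying on quoting alone.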