diff options
author | Frédéric Guillot <fred@kanboard.net> | 2014-10-08 21:49:25 -0400 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2014-10-08 21:49:25 -0400 |
commit | a8418afdebe92dde495bc5010645779c73939b7b (patch) | |
tree | da2928fbd0dda33b43b94fadd8fd8f89e297429f | |
parent | 0d4e12d6e5992749c31cc36036c12d600046f828 (diff) |
Add Mysql escaping
-rw-r--r-- | app/Schema/Mysql.php | 4 | ||||
-rw-r--r-- | vendor/PicoDb/Table.php | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/app/Schema/Mysql.php b/app/Schema/Mysql.php index ab618635..c7293a43 100644 --- a/app/Schema/Mysql.php +++ b/app/Schema/Mysql.php @@ -22,8 +22,8 @@ function version_29($pdo) { $pdo->exec(" CREATE TABLE settings ( - option VARCHAR(100) PRIMARY KEY, - value VARCHAR(255) DEFAULT '' + `option` VARCHAR(100) PRIMARY KEY, + `value` VARCHAR(255) DEFAULT '' ) "); diff --git a/vendor/PicoDb/Table.php b/vendor/PicoDb/Table.php index f13b4e11..9c6bf4f9 100644 --- a/vendor/PicoDb/Table.php +++ b/vendor/PicoDb/Table.php @@ -173,6 +173,10 @@ class Table public function buildSelectQuery() { + foreach ($this->columns as $key => $value) { + $this->columns[$key] = $this->db->escapeIdentifier($value); + } + return sprintf( 'SELECT %s %s FROM %s %s %s %s %s %s %s', $this->distinct ? 'DISTINCT' : '', |