summaryrefslogtreecommitdiff
path: root/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
diff options
context:
space:
mode:
authorgodzilla80@gmx.net <>2010-02-20 09:18:40 +0000
committergodzilla80@gmx.net <>2010-02-20 09:18:40 +0000
commita1d65f3737980658e9a5dd12165860e35e435941 (patch)
treec9b3afc8d9ba9708e1cb16741d422ece27827753 /framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
parentc625202466d9677f4005905f73b00c2941e1f6da (diff)
Fixed Issue 209 - SqlMap doesn't escape inline params properly
Diffstat (limited to 'framework/Data/SqlMap/Statements/TSimpleDynamicSql.php')
-rw-r--r--framework/Data/SqlMap/Statements/TSimpleDynamicSql.php3
1 files changed, 1 insertions, 2 deletions
diff --git a/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php b/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
index 3e8969ba..5d85ded9 100644
--- a/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
+++ b/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
@@ -32,9 +32,8 @@ class TSimpleDynamicSql extends TStaticSql
foreach($this->_mappings as $property)
{
$value = TPropertyAccess::get($parameter, $property);
- $sql = preg_replace('/'.TSimpleDynamicParser::DYNAMIC_TOKEN.'/', $value, $sql, 1);
+ $sql = preg_replace('/'.TSimpleDynamicParser::DYNAMIC_TOKEN.'/', str_replace('$', '\$', $value), $sql, 1);
}
-
return $sql;
}
}