author | godzilla80@gmx.net <> | 2010-02-20 09:18:40 +0000 |
---|---|---|
committer | godzilla80@gmx.net <> | 2010-02-20 09:18:40 +0000 |
commit | a1d65f3737980658e9a5dd12165860e35e435941 (patch) | |
tree | c9b3afc8d9ba9708e1cb16741d422ece27827753 /framework/Data | |
parent | c625202466d9677f4005905f73b00c2941e1f6da (diff) |
Fixed Issue 209 - SqlMap doesn't escape inline params properly
Diffstat (limited to 'framework/Data')
-rw-r--r-- | framework/Data/SqlMap/Statements/TSimpleDynamicSql.php | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php b/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
index 3e8969ba..5d85ded9 100644
--- a/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
+++ b/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
@@ -32,9 +32,8 @@ class TSimpleDynamicSql extends TStaticSql
 foreach($this->_mappings as $property)
{
$value = TPropertyAccess::get($parameter, $property);
- $sql = preg_replace('/'.TSimpleDynamicParser::DYNAMIC_TOKEN.'/', $value, $sql, 1);
+ $sql = preg_replace('/'.TSimpleDynamicParser::DYNAMIC_TOKEN.'/', str_replace('$', '\$', $value), $sql, 1);
}
-
return $sql;
}
}
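Review bot: The new `str_replace('$', '\$', $value)` escapes only `$`, but `preg_replace` also reads backslash-digit forms such as `\0` in the replacement as group references, and a value containing `\$1` becomes `\\$1`, which parses as a literal backslash followed by a live `$1`. Escaping both characters closes that gap: `$sql = preg_replace('/'.TSimpleDynamicParser::DYNAMIC_TOKEN.'/', addcslashes($value, '\\$'), $sql, 1);`. Note also that this is regex-replacement escaping, not SQL escaping. As far as the hunk shows, `$value` is still spliced verbatim into `$sql`, so a comment above the loop such as `// inline $param$ values become raw SQL text; use #param# binding for untrusted input` would keep the commit title from being read as an injection fix. The enclosing method begins outside the hunk, so any quoting done earlier is not visible here.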