From a1d65f3737980658e9a5dd12165860e35e435941 Mon Sep 17 00:00:00 2001
From: "godzilla80@gmx.net" <>
Date: Sat, 20 Feb 2010 09:18:40 +0000
Subject: Fixed Issue 209 - SqlMap doesn't escape inline params properly
---
 framework/Data/SqlMap/Statements/TSimpleDynamicSql.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'framework/Data')
diff --git a/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php b/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
index 3e8969ba..5d85ded9 100644
--- a/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
+++ b/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
@@ -32,9 +32,8 @@ class TSimpleDynamicSql extends TStaticSql
 foreach($this->_mappings as $property)
 {
 $value = TPropertyAccess::get($parameter, $property);
- $sql = preg_replace('/'.TSimpleDynamicParser::DYNAMIC_TOKEN.'/', $value, $sql, 1);
+ $sql = preg_replace('/'.TSimpleDynamicParser::DYNAMIC_TOKEN.'/', str_replace('$', '\$', $value), $sql, 1);
 }
-
 return $sql;
 }
 }
--
cgit v1.2.3
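Review bot: The added `str_replace('$', '\$', $value)` on the `preg_replace` line neutralises `$n` references but not backslash ones, so a value containing `\\` or `\1` is still rewritten by the replacement parser. The SQL text can therefore differ from the value supplied, including a value the caller has already quoted for the database. Escaping both characters closes that gap: `$sql = preg_replace('/'.TSimpleDynamicParser::DYNAMIC_TOKEN.'/', addcslashes($value, '\\$'), $sql, 1);`. Separately, the subject says "escape", but nothing in this hunk SQL-quotes the value; as far as the visible lines show, it is spliced into the statement verbatim, so a comment above the loop such as `// inline values are inserted as raw SQL text; callers must validate or allowlist them` would keep readers from treating this as injection protection. The enclosing method starts above the hunk, so where `$parameter` comes from is not visible here.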