From a1d65f3737980658e9a5dd12165860e35e435941 Mon Sep 17 00:00:00 2001
From: "godzilla80@gmx.net" <>
Date: Sat, 20 Feb 2010 09:18:40 +0000
Subject: Fixed Issue 209 - SqlMap doesn't escape inline params properly

---
 framework/Data/SqlMap/Statements/TSimpleDynamicSql.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'framework/Data')

diff --git a/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php b/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
index 3e8969ba..5d85ded9 100644
--- a/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
+++ b/framework/Data/SqlMap/Statements/TSimpleDynamicSql.php
@@ -32,9 +32,8 @@ class TSimpleDynamicSql extends TStaticSql
 		foreach($this->_mappings as $property)
 		{
 			$value = TPropertyAccess::get($parameter, $property);
-			$sql = preg_replace('/'.TSimpleDynamicParser::DYNAMIC_TOKEN.'/', $value, $sql, 1);
+			$sql = preg_replace('/'.TSimpleDynamicParser::DYNAMIC_TOKEN.'/', str_replace('$', '\$', $value), $sql, 1);
 		}
-
 		return $sql;
 	}
 }
-- 
cgit v1.2.3