Add Mysql escaping

2014-10-08 21:49:25 -04:00 · 2014-10-08 21:49:25 -04:00 · a8418afdeb
parent 0d4e12d6e5
commit a8418afdeb
2 changed files with 6 additions and 2 deletions
--- a/app/Schema/Mysql.php
+++ b/app/Schema/Mysql.php
@ -22,8 +22,8 @@ function version_29($pdo)
 {
    $pdo->exec("
        CREATE TABLE settings (
-            option VARCHAR(100) PRIMARY KEY,
-            value VARCHAR(255) DEFAULT ''
+            `option` VARCHAR(100) PRIMARY KEY,
+            `value` VARCHAR(255) DEFAULT ''
        )
    ");

--- a/vendor/PicoDb/Table.php
+++ b/vendor/PicoDb/Table.php
@ -173,6 +173,10 @@ class Table

    public function buildSelectQuery()
    {
+        foreach ($this->columns as $key => $value) {
+            $this->columns[$key] = $this->db->escapeIdentifier($value);
+        }
+
        return sprintf(
            'SELECT %s %s FROM %s %s %s %s %s %s %s',
            $this->distinct ? 'DISTINCT' : '',