author | Aleksander Machniak <alec@alec.pl> | 2012-10-03 12:17:30 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2012-10-03 12:17:30 +0200 |
commit | bf2c04c26ce94ab5b8bb6d2696057ec827d1b121 (patch) | |
tree | d27a34371a16631edf28a5db3675f62823fe6bae /lib/api/kolab_api_service_type.php | |
parent | 9bc91d0f2089a39bde28767add34d31ec8017226 (diff) | |
download | webadmin-bf2c04c26ce94ab5b8bb6d2696057ec827d1b121.tar.gz |
Fix DB column names escaping in SQL queries
Diffstat (limited to 'lib/api/kolab_api_service_type.php')
-rw-r--r-- | lib/api/kolab_api_service_type.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/api/kolab_api_service_type.php b/lib/api/kolab_api_service_type.php
index 11d9387..794de16 100644
--- a/lib/api/kolab_api_service_type.php
+++ b/lib/api/kolab_api_service_type.php
@@ -92,11 +92,11 @@ class kolab_api_service_type extends kolab_api_service
 $query['used_for'] = $postdata['used_for'] == 'hosted' ? 'hosted' : null;
 }
- $query = array_map(array($this->db, 'escape'), $query);
+ $query = array_map(array($this->db, 'escape'), $query);
+ $columns = array_map(array($this->db, 'escape_identifier'), array_keys($query));
 $this->db->query("INSERT INTO {$type}_types"
- . " (" . implode(',', array_keys($query)) . ")"
- . " VALUES (" . implode(',', $query) . ")");
+ . " (" . implode(', ', $columns) . ") VALUES (" . implode(', ', $query) . ")");
 if (!($id = $this->db->last_insert_id())) {
 return false;
@@ -175,7 +175,7 @@ class kolab_api_service_type extends kolab_api_service
 }
 foreach ($query as $idx => $value) {
- $query[$idx] = $idx . " = " . $this->db->escape($value);
+ $query[$idx] = $this->db->escape_identifier($idx) . " = " . $this->db->escape($value);
 }
 $result = $this->db->query("UPDATE {$type}_types SET " |
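Review bot: The table name in `"INSERT INTO {$type}_types"` is still interpolated into the statement unquoted, while the column names beside it now go through `escape_identifier`; the same holds for `"UPDATE {$type}_types SET "` in the second hunk. Where `$type` is assigned is outside both hunks, so it may already be restricted to a fixed set of type names; if it is not, it should be checked against that set before use, and quoting it the same way keeps the statement consistent, e.g. `$table = $this->db->escape_identifier("{$type}_types");` followed by `"INSERT INTO {$table}"`. Both enclosing methods start and end outside the hunks.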