escape table name when updating Objects
This commit is contained in:
parent
94b29c6c7a
commit
3b1be3346b
|
@ -306,7 +306,7 @@ class ZM_Object {
|
||||||
$fields = array_keys($fields);
|
$fields = array_keys($fields);
|
||||||
|
|
||||||
if ( $this->Id() ) {
|
if ( $this->Id() ) {
|
||||||
$sql = 'UPDATE '.$table.' SET '.implode(', ', array_map(function($field) {return '`'.$field.'`=?';}, $fields)).' WHERE Id=?';
|
$sql = 'UPDATE `'.$table.'` SET '.implode(', ', array_map(function($field) {return '`'.$field.'`=?';}, $fields)).' WHERE Id=?';
|
||||||
$values = array_map(function($field){ return $this->{$field};}, $fields);
|
$values = array_map(function($field){ return $this->{$field};}, $fields);
|
||||||
$values[] = $this->{'Id'};
|
$values[] = $this->{'Id'};
|
||||||
if ( dbQuery($sql, $values) )
|
if ( dbQuery($sql, $values) )
|
||||||
|
@ -314,8 +314,8 @@ class ZM_Object {
|
||||||
} else {
|
} else {
|
||||||
unset($fields['Id']);
|
unset($fields['Id']);
|
||||||
|
|
||||||
$sql = 'INSERT INTO '.$table.
|
$sql = 'INSERT INTO `'.$table.
|
||||||
' ('.implode(', ', array_map(function($field) {return '`'.$field.'`';}, $fields)).
|
'` ('.implode(', ', array_map(function($field) {return '`'.$field.'`';}, $fields)).
|
||||||
') VALUES ('.
|
') VALUES ('.
|
||||||
implode(', ', array_map(function($field){return '?';}, $fields)).')';
|
implode(', ', array_map(function($field){return '?';}, $fields)).')';
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue