Backtick table and column names. Props mdawaffe. fixes #9505

git-svn-id: https://develop.svn.wordpress.org/trunk@10907 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2009-04-10 21:37:19 +00:00
parent 86b731ec7a
commit d957761a32
1 changed files with 6 additions and 6 deletions


@ -697,7 +697,7 @@ class wpdb {
* *
* @since 2.5.0 * @since 2.5.0
* *
* @param string $table WARNING: not sanitized! * @param string $table table name
* @param array $data Should not already be SQL-escaped * @param array $data Should not already be SQL-escaped
* @param array|string $format The format of the field values. * @param array|string $format The format of the field values.
* @return mixed Results of $this->query() * @return mixed Results of $this->query()
@ -717,7 +717,7 @@ class wpdb {
$form = '%s'; $form = '%s';
$formatted_fields[] = $form; $formatted_fields[] = $form;
} }
$sql = "INSERT INTO $table (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')"; $sql = "INSERT INTO `$table` (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
return $this->query( $this->prepare( $sql, $data) ); return $this->query( $this->prepare( $sql, $data) );
} }
@ -726,9 +726,9 @@ class wpdb {
* *
* @since 2.5.0 * @since 2.5.0
* *
* @param string $table WARNING: not sanitized! * @param string $table table name
* @param array $data Should not already be SQL-escaped * @param array $data Should not already be SQL-escaped
* @param array $where A named array of WHERE column => value relationships. Multiple member pairs will be joined with ANDs. WARNING: the column names are not currently sanitized! * @param array $where A named array of WHERE column => value relationships. Multiple member pairs will be joined with ANDs.
* @param array|string $format The format of the field values. * @param array|string $format The format of the field values.
* @param array|string $where_format The format of the where field values. * @param array|string $where_format The format of the where field values.
* @return mixed Results of $this->query() * @return mixed Results of $this->query()
@ -759,10 +759,10 @@ class wpdb {
$form = $db_field_types[$field]; $form = $db_field_types[$field];
else else
$form = '%s'; $form = '%s';
$wheres[] = "$field = {$form}"; $wheres[] = "`$field` = {$form}";
} }
$sql = "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres ); $sql = "UPDATE `$table` SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) ); return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) );
} }
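Review bot: Wrapping `$table` and `$field` in backticks (the `$wheres[]` and `$sql` lines of this hunk, and the `INSERT INTO` line of the second hunk) is quoting, not escaping: a backtick inside the identifier still closes the quoted name, since MySQL requires an embedded backtick to be doubled. The docblock hunks drop the "WARNING: not sanitized!" wording for `$table` and for the `$where` column names, which overstates what this change achieves for callers passing identifiers they did not construct themselves. Either keep a caveat in the `@param` lines, e.g. `@param string $table Table name; backticks inside the name are not escaped`, or escape the identifiers before interpolating, e.g. `$table = str_replace('`', '``', $table);` with the same treatment for each key of `$data` and `$where`. The insert() and update() bodies both begin before their hunks, so the `$bits[]` construction in update() cannot be checked here for the same quoting.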