friendica/friendica
6
0
Fork 1
mirror of https://github.com/friendica/friendica synced 2024-05-17 20:26:42 +02:00
Code Issues Packages Projects Releases 1 Wiki Activity

Use DBA::quoteIdentifier in Database::escapeFields

Browse source
This commit is contained in:
Hypolite Petovan 2022-07-27 19:54:02 -04:00
parent 95b67f5e46
commit e445975c20
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/Database/DBA.php
View file

@ -531,9 +531,9 @@ class DBA
} }
/** /**
* Escape an identifier (table or field name) optional with a schema like (schema.)table * Escape an identifier (table or field name) optional with a schema like ((schema.)table.)field
* *
* @param $identifier Table, field name * @param string $identifier Table, field name
* @return string Quotes table or field name * @return string Quotes table or field name
*/ */
public static function quoteIdentifier(string $identifier): string public static function quoteIdentifier(string $identifier): string

2
src/Database/Database.php
View file

@ -1438,7 +1438,7 @@ class Database
array_walk($fields, function(&$value, $key) use ($options) array_walk($fields, function(&$value, $key) use ($options)
{ {
$field = $value; $field = $value;
$value = '`' . str_replace('`', '``', $value) . '`'; $value = DBA::quoteIdentifier($field);
if (!empty($options['group_by']) && !in_array($field, $options['group_by'])) { if (!empty($options['group_by']) && !in_array($field, $options['group_by'])) {
$value = 'ANY_VALUE(' . $value . ') AS ' . $value; $value = 'ANY_VALUE(' . $value . ') AS ' . $value;