wpstudio/majestic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

SqlDbDriver quote identifier - add checking for string as placeholder.

Browse Source
This commit is contained in:
Alexander Demidov
2013-09-26 10:46:30 +04:00
parent e06ddba773
commit 3f6b2adefd
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
model/SqlDbDriver.php
View File

@ -110,7 +110,9 @@ abstract class SqlDbDriver extends DbDriver
{ {
$ident = explode('.', $ident); $ident = explode('.', $ident);
foreach ($ident as &$segment) { foreach ($ident as &$segment) {
$segment = $this->identifier_quote . $segment . $this->identifier_quote; if (!preg_match('/(\?|:[A-z0-9_]+)/u', $segment)) {
$segment = $this->identifier_quote . $segment . $this->identifier_quote;
}
} }
return implode('.', $ident); return implode('.', $ident);
} }
@ -141,7 +143,7 @@ abstract class SqlDbDriver extends DbDriver
foreach ($where as $cond => &$term) { foreach ($where as $cond => &$term) {
if (is_int($cond)) { if (is_int($cond)) {
if (is_int($term)) { if (is_int($term)) {
throw new ErrorException('Condition in where expression as integer. Dangerous. ' . $term); throw new ErrorException('Condition in where expression as integer. ' . $term);
} }
if ($term instanceof DbExpr) { if ($term instanceof DbExpr) {
$term = (string) $term; $term = (string) $term;