

Update MysqlEntity.class.php
Change " to \' in the MySQL queries
CF : #496
grimlokason authored and Simounet committed Sep 20, 2022
1 parent b9fe8cd commit de3b566
Showing 1 changed file with 8 additions and 8 deletions.
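--- a/MysqlEntity.class.php
+++ b/MysqlEntity.class.php
@@ -166,7 +166,7 @@ public function massiveInsert($events){
 foreach($event->object_fields as $field=>$type){
 if($type!='key'){
 if($i){$query .=',';}else{$i=true;}
-$query .='"'.$this->secure($event->$field, $field).'"';
+$query .='\''.$this->secure($event->$field, $field).'\'';
 }
 }
 
@@ -195,10 +195,10 @@ public function save($id_field='id'){
 foreach($this->object_fields as $field=>$type){
 if($i){$query .=',';}else{$i=true;}
 $id = $this->$field;
-$query .= '`'.$field.'`="'.$this->secure($id, $field).'"';
+$query .= '`'.$field.'`=\''.$this->secure($id, $field).'\'';
 }
 
-$query .= ' WHERE `'.$id_field.'`="'.$this->$id_field.'";';
+$query .= ' WHERE `'.$id_field.'`=\''.$this->$id_field.'\';';
 }else{
 $query = 'INSERT INTO `'.MYSQL_PREFIX.$this->TABLE_NAME.'`(';
 $i=false;
@@ -210,7 +210,7 @@ public function save($id_field='id'){
 $i=false;
 foreach($this->object_fields as $field=>$type){
 if($i){$query .=',';}else{$i=true;}
-$query .='"'.$this->secure($this->$field, $field).'"';
+$query .='\''.$this->secure($this->$field, $field).'\'';
 }
 
 $query .=');';
@@ -234,7 +234,7 @@ public function change($columns,$columns2,$operation='='){
 $i=false;
 foreach ($columns as $column=>$value){
 if($i){$query .=',';}else{$i=true;}
-$query .= '`'.$column.'`="'.$this->secure($value, $column).'" ';
+$query .= '`'.$column.'`=\''.$this->secure($value, $column).'\' ';
 }
 $query .= $this->getWhereClause($columns2, $operation);
 
@@ -339,7 +339,7 @@ public function rowCount($columns=null)
 $i=false;
 foreach($columns as $column=>$value){
 if($i){$whereClause .=' AND ';}else{$i=true;}
-$whereClause .= '`'.$column.'`="'.$this->secure($value, $column).'"';
+$whereClause .= '`'.$column.'`=\''.$this->secure($value, $column).'\'';
 }
 }
 $query = 'SELECT COUNT(1) FROM `'.MYSQL_PREFIX.$this->TABLE_NAME.'`'.$whereClause;
@@ -364,7 +364,7 @@ public function delete($columns,$operation='='){
 $i=false;
 foreach($columns as $column=>$value){
 if($i){$whereClause .=' AND ';}else{$i=true;}
-$whereClause .= '`'.$column.'`'.$operation.'"'.$this->secure($value, $column).'"';
+$whereClause .= '`'.$column.'`'.$operation.'\''.$this->secure($value, $column).'\'';
 }
 $query = 'DELETE FROM `'.MYSQL_PREFIX.$this->TABLE_NAME.'` WHERE '.$whereClause.' ;';
 if($this->debug)echo '<hr>'.get_class($this).' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.$this->dbconnector->connection->error;
@@ -469,7 +469,7 @@ protected function getWhereClause($columns,$operation) {
 foreach($columns as $column=>$value){
 $customQueryOperator = $this->getCustomQueryOperator($operation_default, $value);
 if($i){$whereClause .=' AND ';}else{$i=true;}
-$whereClause .= '`'.$column.'`'.$customQueryOperator[0].'"'.$this->secure($customQueryOperator[1], $column).'"';
+$whereClause .= '`'.$column.'`'.$customQueryOperator[0].'\''.$this->secure($customQueryOperator[1], $column).'\'';
 }
 }
 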
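Review bot: In `save()`, the rewritten WHERE line still concatenates `$this->$id_field` straight into the quoted literal, while every other value this commit touches goes through `$this->secure()`. With `'` now the delimiter, an id containing a single quote would end the literal early, so I would wrap it the same way: `$this->secure($this->$id_field, $id_field)`. `secure()` itself is not visible on this page, so it is worth confirming that it escapes single quotes as well as double quotes before relying on the new delimiter. `delete()` also concatenates `$operation` and the column names unescaped; bound parameters via prepared statements would remove the dependence on quoting altogether. `save()` begins and ends outside the hunks shown.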

