Backtick table and column names. Props mdawaffe. fixes #9505
git-svn-id: http://svn.automattic.com/wordpress/trunk@10907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
8362ffda5c
commit
c827471bf0
|
@ -697,7 +697,7 @@ class wpdb {
|
||||||
*
|
*
|
||||||
* @since 2.5.0
|
* @since 2.5.0
|
||||||
*
|
*
|
||||||
* @param string $table WARNING: not sanitized!
|
* @param string $table table name
|
||||||
* @param array $data Should not already be SQL-escaped
|
* @param array $data Should not already be SQL-escaped
|
||||||
* @param array|string $format The format of the field values.
|
* @param array|string $format The format of the field values.
|
||||||
* @return mixed Results of $this->query()
|
* @return mixed Results of $this->query()
|
||||||
|
@ -717,7 +717,7 @@ class wpdb {
|
||||||
$form = '%s';
|
$form = '%s';
|
||||||
$formatted_fields[] = $form;
|
$formatted_fields[] = $form;
|
||||||
}
|
}
|
||||||
$sql = "INSERT INTO $table (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
|
$sql = "INSERT INTO `$table` (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
|
||||||
return $this->query( $this->prepare( $sql, $data) );
|
return $this->query( $this->prepare( $sql, $data) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -726,9 +726,9 @@ class wpdb {
|
||||||
*
|
*
|
||||||
* @since 2.5.0
|
* @since 2.5.0
|
||||||
*
|
*
|
||||||
* @param string $table WARNING: not sanitized!
|
* @param string $table table name
|
||||||
* @param array $data Should not already be SQL-escaped
|
* @param array $data Should not already be SQL-escaped
|
||||||
* @param array $where A named array of WHERE column => value relationships. Multiple member pairs will be joined with ANDs. WARNING: the column names are not currently sanitized!
|
* @param array $where A named array of WHERE column => value relationships. Multiple member pairs will be joined with ANDs.
|
||||||
* @param array|string $format The format of the field values.
|
* @param array|string $format The format of the field values.
|
||||||
* @param array|string $where_format The format of the where field values.
|
* @param array|string $where_format The format of the where field values.
|
||||||
* @return mixed Results of $this->query()
|
* @return mixed Results of $this->query()
|
||||||
|
@ -759,10 +759,10 @@ class wpdb {
|
||||||
$form = $db_field_types[$field];
|
$form = $db_field_types[$field];
|
||||||
else
|
else
|
||||||
$form = '%s';
|
$form = '%s';
|
||||||
$wheres[] = "$field = {$form}";
|
$wheres[] = "`$field` = {$form}";
|
||||||
}
|
}
|
||||||
|
|
||||||
$sql = "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
|
$sql = "UPDATE `$table` SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
|
||||||
return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) );
|
return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue