Backtick table and column names. Props mdawaffe. fixes #9505

git-svn-id: http://svn.automattic.com/wordpress/trunk@10907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2009-04-10 21:37:19 +00:00
parent 8362ffda5c
commit c827471bf0
1 changed files with 6 additions and 6 deletions


@ -697,7 +697,7 @@ class wpdb {
* *
* @since 2.5.0 * @since 2.5.0
* *
* @param string $table WARNING: not sanitized! * @param string $table table name
* @param array $data Should not already be SQL-escaped * @param array $data Should not already be SQL-escaped
* @param array|string $format The format of the field values. * @param array|string $format The format of the field values.
* @return mixed Results of $this->query() * @return mixed Results of $this->query()
@ -717,7 +717,7 @@ class wpdb {
$form = '%s'; $form = '%s';
$formatted_fields[] = $form; $formatted_fields[] = $form;
} }
$sql = "INSERT INTO $table (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')"; $sql = "INSERT INTO `$table` (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
return $this->query( $this->prepare( $sql, $data) ); return $this->query( $this->prepare( $sql, $data) );
} }
@ -726,9 +726,9 @@ class wpdb {
* *
* @since 2.5.0 * @since 2.5.0
* *
* @param string $table WARNING: not sanitized! * @param string $table table name
* @param array $data Should not already be SQL-escaped * @param array $data Should not already be SQL-escaped
* @param array $where A named array of WHERE column => value relationships. Multiple member pairs will be joined with ANDs. WARNING: the column names are not currently sanitized! * @param array $where A named array of WHERE column => value relationships. Multiple member pairs will be joined with ANDs.
* @param array|string $format The format of the field values. * @param array|string $format The format of the field values.
* @param array|string $where_format The format of the where field values. * @param array|string $where_format The format of the where field values.
* @return mixed Results of $this->query() * @return mixed Results of $this->query()
@ -759,10 +759,10 @@ class wpdb {
$form = $db_field_types[$field]; $form = $db_field_types[$field];
else else
$form = '%s'; $form = '%s';
$wheres[] = "$field = {$form}"; $wheres[] = "`$field` = {$form}";
} }
$sql = "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres ); $sql = "UPDATE `$table` SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) ); return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) );
} }
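Review bot: Wrapping `$table` and `$field` in backticks quotes the identifiers but does not escape a backtick that occurs inside one of them, so rewording the docblocks in the first and third hunks from "WARNING: not sanitized!" to plain "table name" (and dropping the column-name warning on `$where`) overstates what the change achieves; a caveat such as `@param string $table Table name. Quoted with backticks but not escaped; callers must not pass untrusted table or column names.` should stay on both insert() and update(). If escaping is intended, doubling the backtick with `str_replace('`', '``', $field)` on each identifier before interpolation is the MySQL-compatible form, applied equally to `$table`, the `$fields` list and the `$where` keys. The SET clause in update() is built from `$bits` outside the last hunk and, per the six-line diffstat, is not touched by this commit, so its column names may still be interpolated bare and deserve the same treatment. Both insert() and update() begin outside their hunks.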