Commit 0e41dea8 authored by Marius Cramer's avatar Marius Cramer

- disallow ` in table names when using ?? placeholder in query

parent 587fe4ed
......@@ -126,7 +126,8 @@ class db extends mysqli
if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
$sTxt = $this->escape($sValue);
$sTxt = str_replace('`', '', $sTxt);
if(strpos($sTxt, '.') !== false) $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
else $sTxt = '`' . $sTxt . '`';
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment