This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

Merge pull request #24 from blocktrail/escapefield

use the escapeField function when doing .insert or .update
  • Loading branch information...
DrBenton committed Mar 5, 2015
2 parents 3c49018 + ffaef6e commit 8a0fbd724affdb1c2fcdc63400ca5c19bd8a084c
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/dbWrapper.js
View
@@ -316,7 +316,7 @@ DBWrapper.prototype.insert = function( tableName, data, callback )
var valuesPlaceholders = [];
for( var fieldName in data )
{
- sqlFieldsStrArray.push( fieldName );
+ sqlFieldsStrArray.push( this._adapter.escapeField(fieldName) );
sqlValuesArray.push( data[fieldName] );
valuesPlaceholders.push( '?' );
}
@@ -360,7 +360,7 @@ DBWrapper.prototype.update = function( tableName, data, where, callback )
var sqlValuesArray = [];
for( var fieldName in data )
{
- sqlFieldsStrArray.push( fieldName + '=?' );
+ sqlFieldsStrArray.push( this._adapter.escapeField(fieldName) + '=?' );
sqlValuesArray.push( data[fieldName] );
}

0 comments on commit 8a0fbd7

Please sign in to comment.