Update MysqlEntity.class.php

Change " in mysql request to \' CF : #496
LeedRSS · Sep 20, 2022 · de3b566 · de3b566
1 parent b9fe8cd
commit de3b566
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/MysqlEntity.class.php b/MysqlEntity.class.php
@@ -166,7 +166,7 @@ public function massiveInsert($events){
                 foreach($event->object_fields as $field=>$type){
                     if($type!='key'){
                         if($i){$query .=',';}else{$i=true;}
-                        $query .='"'.$this->secure($event->$field, $field).'"';
+                        $query .='\''.$this->secure($event->$field, $field).'\'';
                     }
                 }
 
@@ -195,10 +195,10 @@ public function save($id_field='id'){
             foreach($this->object_fields as $field=>$type){
                 if($i){$query .=',';}else{$i=true;}
                 $id = $this->$field;
-                $query .= '`'.$field.'`="'.$this->secure($id, $field).'"';
+                $query .= '`'.$field.'`=\''.$this->secure($id, $field).'\'';
             }
 
-            $query .= ' WHERE `'.$id_field.'`="'.$this->$id_field.'";';
+            $query .= ' WHERE `'.$id_field.'`=\''.$this->$id_field.'\';';
         }else{
             $query = 'INSERT INTO `'.MYSQL_PREFIX.$this->TABLE_NAME.'`(';
             $i=false;
@@ -210,7 +210,7 @@ public function save($id_field='id'){
             $i=false;
             foreach($this->object_fields as $field=>$type){
                 if($i){$query .=',';}else{$i=true;}
-                $query .='"'.$this->secure($this->$field, $field).'"';
+                $query .='\''.$this->secure($this->$field, $field).'\'';
             }
 
             $query .=');';
@@ -234,7 +234,7 @@ public function change($columns,$columns2,$operation='='){
         $i=false;
         foreach ($columns as $column=>$value){
             if($i){$query .=',';}else{$i=true;}
-            $query .= '`'.$column.'`="'.$this->secure($value, $column).'" ';
+            $query .= '`'.$column.'`=\''.$this->secure($value, $column).'\' ';
         }
         $query .= $this->getWhereClause($columns2, $operation);
 
@@ -339,7 +339,7 @@ public function rowCount($columns=null)
             $i=false;
             foreach($columns as $column=>$value){
                 if($i){$whereClause .=' AND ';}else{$i=true;}
-                $whereClause .= '`'.$column.'`="'.$this->secure($value, $column).'"';
+                $whereClause .= '`'.$column.'`=\''.$this->secure($value, $column).'\'';
             }
         }
         $query = 'SELECT COUNT(1) FROM `'.MYSQL_PREFIX.$this->TABLE_NAME.'`'.$whereClause;
@@ -364,7 +364,7 @@ public function delete($columns,$operation='='){
         $i=false;
         foreach($columns as $column=>$value){
             if($i){$whereClause .=' AND ';}else{$i=true;}
-            $whereClause .= '`'.$column.'`'.$operation.'"'.$this->secure($value, $column).'"';
+            $whereClause .= '`'.$column.'`'.$operation.'\''.$this->secure($value, $column).'\'';
         }
         $query = 'DELETE FROM `'.MYSQL_PREFIX.$this->TABLE_NAME.'` WHERE '.$whereClause.' ;';
         if($this->debug)echo '<hr>'.get_class($this).' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.$this->dbconnector->connection->error;
@@ -469,7 +469,7 @@ protected function getWhereClause($columns,$operation) {
             foreach($columns as $column=>$value){
                 $customQueryOperator = $this->getCustomQueryOperator($operation_default, $value);
                 if($i){$whereClause .=' AND ';}else{$i=true;}
-                $whereClause .= '`'.$column.'`'.$customQueryOperator[0].'"'.$this->secure($customQueryOperator[1], $column).'"';
+                $whereClause .= '`'.$column.'`'.$customQueryOperator[0].'\''.$this->secure($customQueryOperator[1], $column).'\'';
             }
         }