From 093a79bc4e5e2138d66d7353f8ddaf6b2d183a0c Mon Sep 17 00:00:00 2001
From: Mark
Date: Tue, 6 Apr 2021 16:30:02 -0500
Subject: [PATCH] Security Update for SQLi for Magento 2
---
 lib/Varien/Db/Adapter/Pdo/Mysql.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/lib/Varien/Db/Adapter/Pdo/Mysql.php b/lib/Varien/Db/Adapter/Pdo/Mysql.php
index 7e5a54633c0..5a5ae13dff7 100644
--- a/lib/Varien/Db/Adapter/Pdo/Mysql.php
+++ b/lib/Varien/Db/Adapter/Pdo/Mysql.php
@@ -3001,9 +3001,8 @@ public function prepareSqlCondition($fieldName, $condition)
 */
 protected function _prepareQuotedSqlCondition($text, $value, $fieldName)
 {
- $sql = $this->quoteInto($text, $value);
- $sql = str_replace('{{fieldName}}', $fieldName, $sql);
- return $sql;
+ $text = str_replace('{{fieldName}}', $fieldName, $text);
+ return $this->quoteInto($text, $value);
 }
 /**
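Review bot: `$fieldName` is now spliced into `$text` before `quoteInto()` runs, so a `?` inside the field name or expression would presumably be treated as a placeholder and filled with the quoted value. `quoteInto()` is defined outside this hunk; Zend_Db's implementation replaces every `?` by default, so this should be confirmed against the adapter in use. The docblock, which starts above the hunk, should state that `$fieldName` must be an already-quoted identifier or trusted expression containing no `?`. The new order is what stops a `{{fieldName}}` token inside `$value` from being expanded after quoting, but nothing in the code says so; I would add `// Expand {{fieldName}} first: the token must never be substituted inside an already-quoted $value.` above the `str_replace()` line so the two statements are not swapped back. A regression test passing a value that contains the literal token `{{fieldName}}` would pin the behaviour.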