
Fixed DBAL-164. Quoting identifier was SQL Injection prone.

1 parent 3d82e0d commit 82cc921447fde697bf3d9f5285d0f0b8587303d8 @guilhermeblanco guilhermeblanco committed Sep 13, 2011
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/Doctrine/DBAL/Driver/OCI8/OCI8Connection.php
2 lib/Doctrine/DBAL/Driver/OCI8/OCI8Connection.php
@@ -83,7 +83,7 @@ public function query()
*/
public function quote($input, $type=\PDO::PARAM_STR)
{
- return is_numeric($input) ? $input : "'$input'";
+ return is_numeric($input) ? $input : "'" . str_replace("'", "''", $input) . "'";
}
/**
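Review bot: the numeric branch `is_numeric($input) ? $input : ...` is unchanged and still returns the raw value unquoted, and `$type` is accepted in the signature but never consulted. PHP's `is_numeric()` also accepts strings with leading whitespace and exponent notation, so such strings reach the SQL text without quoting; it would be safer to branch on `$type` (e.g. `\PDO::PARAM_INT`) or on `is_int`/`is_float`, and apply the `str_replace("'", "''", ...)` path to every string. Doubling single quotes is the correct escaping for Oracle string literals, which do not treat backslash as an escape character, but a regression test that passes a value containing `'` through `quote()` would document the fix.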

0 comments on commit 82cc921
