Merge pull request #336 from avbdr/master

Allow " and ' chars in orderBy
ThingEngineer · Oct 2, 2015 · fe8fb79 · fe8fb79
2 parents bf23579 + 8d53d6a
commit fe8fb79
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/MysqliDb.php b/MysqliDb.php
@@ -714,7 +714,7 @@ public function orderBy($orderByField, $orderbyDirection = "DESC", $customFields
     {
         $allowedDirection = Array ("ASC", "DESC");
         $orderbyDirection = strtoupper (trim ($orderbyDirection));
-        $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*]+/i",'', $orderByField);
+        $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*\'\"]+/i",'', $orderByField);
 
         // Add table prefix to orderByField if needed.
         //FIXME: We are adding prefix only if table is enclosed into `` to distinguish aliases
@@ -1240,8 +1240,10 @@ public function __destruct()
     {
         if ($this->isSubQuery)
             return;
-        if ($this->_mysqli)
+        if ($this->_mysqli) {
             $this->_mysqli->close();
+            $this->_mysqli = null;
+        }
     }
 
     /**