
Database: explicitly define table in where clause to make queries unambiguous
1 parent d449094 commit 63d0ed9bc965e0544546ce3fa13cb6f011d91299 @juzna committed Mar 25, 2012
Showing with 3 additions and 0 deletions.
  1. +3 −0 Nette/Database/Table/Selection.php
3 Nette/Database/Table/Selection.php
@@ -220,6 +220,9 @@ public function where($condition, $parameters = array())
$this->conditions[$hash] = $condition;
$condition = $this->removeExtraTables($condition);
+ if (!preg_match('~[.:]~', $condition)) {
@hrach
hrach added a note Mar 25, 2012

maybe use # as delimiter since it's used across the framework.

+ $condition = "$this->name.$condition";
+ }
$condition = $this->tryDelimite($condition);
$args = func_num_args();
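
Review bot: The added `if (!preg_match('~[.:]~', $condition))` branch treats the whole condition string as one column name, so `"$this->name.$condition"` qualifies only whatever token comes first. A condition that names more than one column (for example `a = ? OR b = ?`) leaves the later columns unqualified and still ambiguous, and a condition that begins with a parenthesis, `NOT`, or a function call gets the table name attached to something that is not a column, which yields invalid SQL. The guard also skips too much: a `.` or `:` anywhere in the string, such as in a decimal literal, suppresses the prefix even when the column itself is unqualified. Suggest applying the prefix only when the condition starts with a bare column identifier, or qualifying each column reference individually, and documenting in the method's docblock which condition shapes get the automatic table prefix.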

1 comment on commit 63d0ed9

@icaine
icaine commented on 63d0ed9 May 13, 2012

what if you pass as a condition something like "column < ? OR column > ?"?
