Database: explicitly define table in where clause to make queries unambiguous
juzna committed Mar 25, 2012
1 parent d449094 commit 63d0ed9bc965e0544546ce3fa13cb6f011d91299
Showing with 3 additions and 0 deletions.
  1. +3 −0 Nette/Database/Table/Selection.php
@@ -220,6 +220,9 @@ public function where($condition, $parameters = array())
$this->conditions[$hash] = $condition;
$condition = $this->removeExtraTables($condition);
+ if (!preg_match('~[.:]~', $condition)) {

hrach Mar 25, 2012

maybe use # as delimiter since it's used across the framework.

+ $condition = "$this->name.$condition";
+ }
$condition = $this->tryDelimite($condition);
$args = func_num_args();
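Review bot: The new `if (!preg_match('~[.:]~', $condition))` test only checks that the condition contains no `.` or `:`, then prepends `$this->name.` to the start of the whole string, so it assumes the condition begins with a bare column name. A compound condition gets only its first identifier qualified and the remaining columns stay ambiguous, and a condition that starts with a parenthesis or a function call ends up with the table name in front of something that is not a column. In the other direction, any `.` or `:` elsewhere in the string (a decimal literal, for example) skips the prefix even when the column is unqualified. Consider prefixing only when the leading token is a plain column identifier, matched with an anchored pattern, and adding a test that covers a condition with more than one column. The change also has no comment explaining why `:` is treated as "already qualified", which would help the next reader of `where()`.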

1 comment on commit 63d0ed9

icaine May 13, 2012

what if you pass as a condition something like "column < ? OR column > ?"?
