
escaping table and field names

1 parent d8c4929 commit c0da9d9dd6c313d12cf24994a9897d4959654865 @mstdokumaci committed Jun 26, 2012
Showing with 13 additions and 13 deletions.
  1. +2 −2 lib/db.php
  2. +11 −11 lib/ddl.php
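--- a/lib/db.php
+++ b/lib/db.php
@@ -20,8 +20,8 @@ static function get_instance () {
 }
 function insert ($table, $data) {
- foreach ($data as $k=>$v) $data[$k]=$k . "='" . $this->escape($v) . "'";
- if (!mysqli_query($this->conn, "INSERT INTO " . $table . " SET " . implode(', ', $data)))
+ foreach ($data as $k=>$v) $data[$k]="`" . $k . "`='" . $this->escape($v) . "'";
+ if (!mysqli_query($this->conn, "INSERT INTO `" . $table . "` SET " . implode(', ', $data)))
 throw new Exception('MySQL insert query error: ' . mysqli_error($this->conn));
 return mysqli_insert_id($this->conn);
 }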
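Review bot: Wrapping `$k` and `$table` in backticks in insert() quotes the identifiers but does not escape them: a backtick character inside either value still ends the quoted name, and whatever follows is parsed as SQL. If table names or the keys of `$data` can ever be derived from request input (form field names, for example), that remains an injection path; values pass through `$this->escape()`, identifiers pass through nothing. Doubling embedded backticks in one shared helper, or rejecting names that do not match a strict pattern, closes it. The same hand-built quoting appears in all three lib/ddl.php hunks (create_tables, prepare_table, prepare_field), where the names presumably come from the data model rather than from a request.

```php
// Quote a MySQL identifier; an embedded backtick is doubled so it cannot end the quoted name.
private function quote_identifier ($name) {
	return '`' . str_replace('`', '``', $name) . '`';
}

function insert ($table, $data) {
	foreach ($data as $k=>$v) $data[$k]=$this->quote_identifier($k) . "='" . $this->escape($v) . "'";
	if (!mysqli_query($this->conn, "INSERT INTO " . $this->quote_identifier($table) . " SET " . implode(', ', $data)))
	// … unchanged: throw on query error, return mysqli_insert_id …
```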
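--- a/lib/ddl.php
+++ b/lib/ddl.php
@@ -14,9 +14,9 @@ function create_tables () {
 $this->table[$name]=$this->prepare_table($name, $table);
 foreach ($this->table as $name=>$table) {
- $sql="DROP TABLE IF EXISTS " . $name;
+ $sql="DROP TABLE IF EXISTS `" . $name . "`";
 $this->db->table($sql);
- $sql="CREATE TABLE " . $name . " (" . implode(', ', array_merge($table['fields'], $table['keys'])) . ") ENGINE=InnoDB";
+ $sql="CREATE TABLE `" . $name . "` (" . implode(', ', array_merge($table['fields'], $table['keys'])) . ") ENGINE=InnoDB";
 $this->db->table($sql);
 }
 }
@@ -41,16 +41,16 @@ private function prepare_table ($name, $table) {
 if (isset($this->table[$m2m['relation_name']]['created'])) {continue;}
 $this->table[$m2m['relation_name']]['created']=true;
- $this->table[$m2m['relation_name']]['fields'][]=$m2m['foreign_name'] . ' ' . $this->get_field_type('numeric', $conf['len']) . " NOT NULL DEFAULT '0'";
- $this->table[$m2m['relation_name']]['fields'][]=$m2m['local_name'] . ' ' . $this->get_field_type('numeric', $this->DM[$m2m['type']]['conf']['len']) . " NOT NULL DEFAULT '0'";
- $this->table[$m2m['relation_name']]['keys'][]='PRIMARY KEY (' . $m2m['foreign_name'] . ', ' . $m2m['local_name'] . ')';
+ $this->table[$m2m['relation_name']]['fields'][]='`' . $m2m['foreign_name'] . '` ' . $this->get_field_type('numeric', $conf['len']) . " NOT NULL DEFAULT '0'";
+ $this->table[$m2m['relation_name']]['fields'][]='`' . $m2m['local_name'] . '` ' . $this->get_field_type('numeric', $this->DM[$m2m['type']]['conf']['len']) . " NOT NULL DEFAULT '0'";
+ $this->table[$m2m['relation_name']]['keys'][]='PRIMARY KEY (`' . $m2m['foreign_name'] . '`, `' . $m2m['local_name'] . '`)';
 }
 foreach ($table['self_ref'] as $self_ref) {
 $type=$this->get_field_type('numeric', $conf['len']);
- $this->table[$self_ref]['fields'][]=$name . '1 ' . $type . " NOT NULL DEFAULT '0'";
- $this->table[$self_ref]['fields'][]=$name . '2 ' . $type . " NOT NULL DEFAULT '0'";
- $this->table[$self_ref]['keys'][]='PRIMARY KEY (' . $name . '1, ' . $name . '2)';
+ $this->table[$self_ref]['fields'][]='`' . $name . '1` ' . $type . " NOT NULL DEFAULT '0'";
+ $this->table[$self_ref]['fields'][]='`' . $name . '2` ' . $type . " NOT NULL DEFAULT '0'";
+ $this->table[$self_ref]['keys'][]='PRIMARY KEY (`' . $name . '1`, `' . $name . '2`)';
 }
 return $db_table;
@@ -62,13 +62,13 @@ private function prepare_field ($name, $field) {
 else
 $type=$this->get_field_type($field['type'], $field['len']);
- $db_field=$name . ' ' . $type . " NOT NULL DEFAULT '" . ($field['type']=='numeric' ? '0' : '') . "'";
+ $db_field='`' . $name . '` ' . $type . " NOT NULL DEFAULT '" . ($field['type']=='numeric' ? '0' : '') . "'";
 $db_key='';
 if ($field['unique'])
- $db_key='UNIQUE KEY (' . $name . ')';
+ $db_key='UNIQUE KEY (`' . $name . '`)';
 elseif ($field['index'])
- $db_key='KEY (' . $name . ')';
+ $db_key='KEY (`' . $name . '`)';
 return array($db_field, $db_key);
 }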
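Review bot: Nothing at the changed `DROP TABLE IF EXISTS` line in create_tables tells a reader that the loop destroys every table named in the model, rows included, before recreating it. A comment above the loop such as `// Destructive: drops and recreates every model table; existing rows are lost.` would make that explicit for anyone wiring this into an install or deploy path. Whether `$this->db->table()` reports a failed statement is not visible here, so a CREATE that fails after its DROP succeeded may leave the table missing without any error surfacing. The function's signature and any existing docblock lie above the hunk.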
