
Tracy: escape % in sql before vsprintf

vody105 authored and f3l1x committed Jun 27, 2018
1 parent 5cbfa5f commit 8ebddc3143d88ac2ad2e78c7fad731f03cfccf32
Showing with 3 additions and 0 deletions.
  1. +3 −0 src/Tracy/QueryPanel/QueryPanel.php
@@ -36,6 +36,9 @@ public function startQuery($sql, ?array $params = null, ?array $types = null): v
// Do nothing
}
// Escape % before vsprintf (example: LIKE '%ant%')
$sql = str_replace('%', '%%', $sql);
$query = vsprintf(str_replace('?', '%s', $sql), call_user_func(function () use ($params, $types) {
$quotedParams = [];
foreach ($params as $typeIndex => $value) {

0 comments on commit 8ebddc3
