
adding more escaping for #717

padams
padams committed Nov 6, 2012
1 parent 079eb55 commit 5b359e1849f20abdfdde48a00e3fa7f5cd3d1fb5
Showing with 6 additions and 6 deletions.
  1. +6 −6 owa_db.php
@@ -577,27 +577,27 @@ function _makeConstraintClause($type = 'WHERE', $params) {
break;
case 'between':
- $constraint .= sprintf("%s BETWEEN '%s' AND '%s'", $v['name'], $v['value']['start'], $v['value']['end']);
+ $constraint .= sprintf("%s BETWEEN '%s' AND '%s'", $v['name'], $this->prepare( $v['value']['start'] ), $this->prepare( $v['value']['end'] ) );
break;
case '=~':
- $constraint .= sprintf("%s %s '%s'",$v['name'], OWA_SQL_REGEXP, $v['value']);
+ $constraint .= sprintf("%s %s '%s'",$v['name'], OWA_SQL_REGEXP, $this->prepare( $v['value'] ) );
break;
case '!~':
- $constraint .= sprintf("%s %s '%s'",$v['name'], OWA_SQL_NOTREGEXP, $v['value']);
+ $constraint .= sprintf("%s %s '%s'",$v['name'], OWA_SQL_NOTREGEXP, $this->prepare( $v['value'] ) );
break;
case '=@':
- $constraint .= sprintf("LOCATE('%s', %s) > 0",$v['value'], $v['name']);
+ $constraint .= sprintf("LOCATE('%s', %s) > 0",$v['value'], $this->prepare( $v['name'] ) );
break;
case '!@':
- $constraint .= sprintf("LOCATE('%s', %s) = 0",$v['value'], $v['name']);
+ $constraint .= sprintf("LOCATE('%s', %s) = 0",$v['value'], $this->prepare( $v['name'] ) );
break;
default:
- $constraint .= sprintf("%s %s '%s'",$v['name'], $v['operator'], $v['value']);
+ $constraint .= sprintf("%s %s '%s'",$v['name'], $v['operator'], $this->prepare( $v['value'] ) );
break;
}
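Review bot: In the `=@` and `!@` cases the new `$this->prepare()` call wraps `$v['name']`, but the argument that lands inside the quoted literal of `LOCATE('%s', %s)` is `$v['value']`, which is still interpolated unescaped, so these two operators keep the unescaped string-built path that the other four cases just closed. The arguments look swapped relative to the rest of the hunk; I would write `$constraint .= sprintf("LOCATE('%s', %s) > 0", $this->prepare( $v['value'] ), $v['name']);` and the same with `= 0` for `!@`. Separately, `$v['name']` in every case and `$v['operator']` in the `default` case are placed outside quotes, where string-literal escaping (presumably what `prepare()` does; its body is not visible here) gives no protection, so both should be checked against a fixed list of known columns and operators before they reach `sprintf`. `_makeConstraintClause` starts and ends outside this hunk, so whether `$params` is validated earlier cannot be confirmed from this page.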

0 comments on commit 5b359e1
