Changeset 10907


Timestamp:
04/10/09 21:37:19 (5 years ago)
Author:
ryan
Message:

Backtick table and column names. Props mdawaffe. fixes #9505

File:
1 edited

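--- a/trunk/wp-includes/wp-db.php
+++ b/trunk/wp-includes/wp-db.php
@@ -698,5 +698,5 @@
      * @since 2.5.0
      *
-     * @param string $table WARNING: not sanitized!
+     * @param string $table table name
      * @param array $data Should not already be SQL-escaped
      * @param array|string $format The format of the field values.
@@ -718,5 +718,5 @@
             $formatted_fields[] = $form;
         }
-        $sql = "INSERT INTO $table (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
+        $sql = "INSERT INTO `$table` (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
         return $this->query( $this->prepare( $sql, $data) );
     }
@@ -727,7 +727,7 @@
      * @since 2.5.0
      *
-     * @param string $table WARNING: not sanitized!
+     * @param string $table table name
      * @param array $data Should not already be SQL-escaped
-     * @param array $where A named array of WHERE column => value relationships.  Multiple member pairs will be joined with ANDs.  WARNING: the column names are not currently sanitized!
+     * @param array $where A named array of WHERE column => value relationships.  Multiple member pairs will be joined with ANDs.
      * @param array|string $format The format of the field values.
      * @param array|string $where_format The format of the where field values.
@@ -760,8 +760,8 @@
             else
                 $form = '%s';
-            $wheres[] = "$field = {$form}";
-        }
-
-        $sql = "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
+            $wheres[] = "`$field` = {$form}";
+        }
+
+        $sql = "UPDATE `$table` SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
         return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) );
     }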
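Review bot: The docblocks for `$table` and `$where` drop their "not sanitized" warnings, but the new code only wraps the names in backticks and neither escapes nor validates them, so a name that itself contains a backtick still ends the quoted identifier early. This applies to the INSERT statement at line 720 and to the `$wheres[]` and UPDATE lines at 762 and 765. Either keep a caveat such as `@param string $table Table name. Quoted as an identifier but not validated; callers must not pass untrusted input.` (and the same for the `$where` keys), or reject names that do not match a strict identifier pattern before `$sql` is built. Because `$sql` is then handed to `$this->prepare()`, a `%` inside a name would presumably also be read as a placeholder, which is one more reason to validate rather than just quote. Both method bodies start outside the visible hunks, so any earlier checks on these names are not shown here.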