moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 08:56:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

NOBUG: Normalise generated param names so we can safely use sql_xxx() helper functions everywhere.

Browse source
This commit is contained in:
Eloy Lafuente 2010-03-22 18:06:59 +00:00
parent cea304d432
commit cd6d352396
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lib/dml/moodle_database.php
View file

@ -485,9 +485,10 @@ abstract class moodle_database {
$where[] = "$key IS NULL"; $where[] = "$key IS NULL";
} else { } else {
if ($allowed_types & SQL_PARAMS_NAMED) { if ($allowed_types & SQL_PARAMS_NAMED) {
$where[] = "$key = :$key"; $normkey = trim(preg_replace('/[^a-zA-Z0-9-_]/', '_', $key), '-_'); // Need to normalize key names
$params[$key] = $value; $where[] = "$key = :$normkey"; // because they can contain, originally,
} else { $params[$normkey] = $value; // spaces and other forbiden chars when
} else { // using sql_xxx() functions and friends.
$where[] = "$key = ?"; $where[] = "$key = ?";
$params[] = $value; $params[] = $value;
} }