diff options
| author | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-11-09 19:31:31 +0300 |
|---|---|---|
| committer | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-11-09 19:31:31 +0300 |
| commit | c337b72d5657d33c0f516f93c068d77dfeef5d2f (patch) | |
| tree | 3d69eb0c5ee732dc04b066c46e52a0491961c069 | |
| parent | 27ce8d46ef16e821895e817e18ca1764a911d4ae (diff) | |
Replace escapeString in Table::getColumnGenerationExpression
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
| -rw-r--r-- | libraries/classes/Table.php | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/libraries/classes/Table.php b/libraries/classes/Table.php index 00fd96b6e1..273f84e266 100644 --- a/libraries/classes/Table.php +++ b/libraries/classes/Table.php @@ -2533,17 +2533,16 @@ class Table implements Stringable && $this->dbi->getVersion() > 50705 && ! $GLOBALS['cfg']['Server']['DisableIS'] ) { - $sql = "SELECT + $sql = 'SELECT `COLUMN_NAME` AS `Field`, `GENERATION_EXPRESSION` AS `Expression` FROM `information_schema`.`COLUMNS` WHERE - `TABLE_SCHEMA` = '" . $this->dbi->escapeString($this->dbName) . "' - AND `TABLE_NAME` = '" . $this->dbi->escapeString($this->name) . "'"; + `TABLE_SCHEMA` = ' . $this->dbi->quoteString($this->dbName) . ' + AND `TABLE_NAME` = ' . $this->dbi->quoteString($this->name); if ($column != null) { - $sql .= " AND `COLUMN_NAME` = '" . $this->dbi->escapeString($column) - . "'"; + $sql .= ' AND `COLUMN_NAME` = ' . $this->dbi->quoteString($column); } return $this->dbi->fetchResult($sql, 'Field', 'Expression'); |