From 2987ed44bcde16e6ed19e5cba051e35fb83a2aa7 Mon Sep 17 00:00:00 2001
From: Yung Han Khoe
Date: Mon, 16 Nov 2009 12:11:45 +0100
Subject: [PATCH] Changing some SQL methods to quote table names
---
 lib/WebGUI/SQL.pm | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/WebGUI/SQL.pm b/lib/WebGUI/SQL.pm
index 37720f702..0d5490284 100644
--- a/lib/WebGUI/SQL.pm
+++ b/lib/WebGUI/SQL.pm
@@ -484,7 +484,7 @@ The value to search for in the key column.
 sub deleteRow {
 my ($self, $table, $key, $keyValue) = @_;
- my $sth = $self->write("delete from $table where ".$key."=?", [$keyValue]);
+ my $sth = $self->write("delete from ".$self->dbh->quote_identifier($table)." where ".$key."=?", [$keyValue]);
 }
@@ -606,7 +606,7 @@ The value to search for in the key column.
 sub getRow {
 my ($self, $table, $key, $keyValue) = @_;
- my $row = $self->quickHashRef("select * from $table where ".$key."=?",[$keyValue]);
+ my $row = $self->quickHashRef("select * from ".$self->dbh->quote_identifier($table)." where ".$key."=?",[$keyValue]);
 return $row;
 }
@@ -946,7 +946,8 @@ sub setRow {
 my ($self, $table, $keyColumn, $data, $id) = @_;
 if ($data->{$keyColumn} eq "new" || $id) {
 $data->{$keyColumn} = $id || $self->session->id->generate();
- $self->write("replace into $table (" . $self->dbh->quote_identifier($keyColumn) . ") values (?)",[$data->{$keyColumn}]);
+ $self->write("replace into ".$self->dbh->quote_identifier($table)
+ ." (" . $self->dbh->quote_identifier($keyColumn) . ") values (?)",[$data->{$keyColumn}]);
 }
 my @fields = ();
 my @data = ();
@@ -958,7 +959,7 @@ sub setRow {
 }
 if ($fields[0] ne "") {
 push(@data,$data->{$keyColumn});
- $self->write("update $table set " . join(", ", @fields)
+ $self->write("update ".$self->dbh->quote_identifier($table)." set " . join(", ", @fields)
 . " where " . $self->dbh->quote_identifier($keyColumn) . "=?", \@data);
 }
 return $data->{$keyColumn};
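Review bot: The key column is still concatenated unquoted in `deleteRow` (`" where ".$key."=?"`), and the `getRow` hunk has the same gap, so the identifier position in the WHERE clause stays open to malformed or caller-controlled names even though the table name is now quoted. `setRow` already passes its key column through `quote_identifier`, so the two should match: `" where ".$self->dbh->quote_identifier($key)."=?"`. The value itself is bound through the placeholder in both, so only the identifier needs the change.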
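Review bot: In `setRow`, `$self->dbh->quote_identifier($table)` is now evaluated separately in the `replace into` and `update` statements; quoting once near the top, e.g. `my $quotedTable = $self->dbh->quote_identifier($table);`, keeps the two statements in step and shortens both lines. Single-argument `quote_identifier` presumably quotes a dotted name such as `db.table` as one identifier, so it is worth confirming that no caller passes a qualified table name, and adding a line to the method's POD stating that `$table` must be a bare table name. The list in `@fields` is built outside these hunks, so whether the column names in the `set` clause are quoted cannot be checked from here.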