From 50231853bde074ff877df3e55e264382f2b17696 Mon Sep 17 00:00:00 2001
From: Yung Han Khoe <yung@webgui-svn>
Date: Thu, 27 Mar 2008 16:44:46 +0000
Subject: [PATCH] fixed: Thingy: problems editing/viewing records

---
 docs/changelog/7.x.x.txt           |  1 +
 lib/WebGUI/Asset/Wobject/Thingy.pm | 10 +++++-----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 1decff181..6ef5506af 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -26,6 +26,7 @@
  - fixed: Syndicated Content URLs using macros not updated by caching workflow
  - fixed: Syndicated Content asset tries too hard to get URLs returning errors
  - fixed: Thingy: field type includes things without fields
+ - fixed: Thingy: problems editing/viewing records
  - fix: Users now have permission to add comments
  - fix: Username for comment poster is now shown correctly
  - fix: Slideshow now works
diff --git a/lib/WebGUI/Asset/Wobject/Thingy.pm b/lib/WebGUI/Asset/Wobject/Thingy.pm
index fc0143a76..ef951d904 100644
--- a/lib/WebGUI/Asset/Wobject/Thingy.pm
+++ b/lib/WebGUI/Asset/Wobject/Thingy.pm
@@ -1663,8 +1663,8 @@ sub www_editThingData {
     
     if ($thingDataId ne "new"){
         # Get Field Values
-        %thingData = $session->db->quickHash("select * from Thingy_".$thingId." where thingDataId =
-".$session->db->quote($thingDataId));
+        %thingData = $session->db->quickHash("select * from ".$session->db->dbh->quote_identifier("Thingy_".$thingId)
+        ." where thingDataId = ?",[$thingDataId]);
     }
 
     $fields = $session->db->read('select * from Thingy_fields where assetId =
@@ -1938,7 +1938,7 @@ thingId=".$session->db->quote($thingId));
             }
             
             if((scalar @duplicatesConstraint) > 0){
-                my $query = "select thingDataId from Thingy_".$thingId." where ";
+                my $query = "select thingDataId from ".$dbh->quote_identifier("Thingy_".$thingId)." where ";
                 $query .= join(" and ",@duplicatesConstraint);
                 $query .= " limit 1";
                 ($foundDuplicateId) = $session->db->quickArray($query);
@@ -2485,8 +2485,8 @@ thingId=".$self->session->db->quote($thingId));
     }
 
     # Get Field Values
-    %thingData = $session->db->quickHash("select * from Thingy_".$thingId." where thingDataId = "
-    .$session->db->quote($thingDataId));
+    %thingData = $session->db->quickHash("select * from ".$session->db->dbh->quote_identifier("Thingy_".$thingId)
+        ." where thingDataId = ?",[$thingDataId]);
 
     $fields = $session->db->read('select * from Thingy_fields where assetId = '
     .$session->db->quote($self->get("assetId")).' and thingId = '.$session->db->quote($thingId).' order by