summaryrefslogtreecommitdiff
path: root/it_dbi.class
diff options
context:
space:
mode:
Diffstat (limited to 'it_dbi.class')
-rw-r--r--it_dbi.class9
1 files changed, 7 insertions, 2 deletions
diff --git a/it_dbi.class b/it_dbi.class
index d24a0fe..b3fd80b 100644
--- a/it_dbi.class
+++ b/it_dbi.class
@@ -306,7 +306,7 @@ function _set($tags, $force = false)
{
$expressions = $this->_expressions($tags, $force);
- return $expressions ? 'SET ' . implode(', ', it::map(fn ($k, $v) => "`$k`=$v", $expressions)) : '';
+ return $expressions ? 'SET ' . implode(', ', it::map(fn ($k, $v) => $this->_escape_name($k) . "=$v", $expressions)) : '';
}
/**
@@ -319,7 +319,7 @@ function _values($tags, $force = false)
$result = '';
if ($expressions)
- $result = '(' . implode(', ', array_keys($expressions)) . ') VALUES (' . implode(', ', array_values($expressions)) . ')';
+ $result = '(' . implode(', ', it::map(fn ($k) => $this->_escape_name($k), $expressions)) . ') VALUES (' . implode(', ', array_values($expressions)) . ')';
return $result;
}
@@ -1051,6 +1051,11 @@ function _escape_string($str)
return "'" . mysqli_real_escape_string($this->_link, $str) . "'";
}
+function _escape_name($str)
+{
+ return "`" . $str . "`";
+}
+
function _connect_db($p) {
$result = @mysqli_connect($p['server'], $p['user'], $p['pw']);