diff options
author | Aleksander Machniak <alec@alec.pl> | 2014-09-12 14:37:51 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2014-09-12 14:37:51 +0200 |
commit | 34a0902089a410d1f7dda78d1f8b0771333c09df (patch) | |
tree | 729c7a994d64b7dbf9f78656d95b34846cae58ba /plugins/squirrelmail_usercopy/squirrelmail_usercopy.php | |
parent | 8cc65d1f5fae71e2ee07748e82ab274d8d45304b (diff) |
Use consistent column/table quoting in sql queries
Diffstat (limited to 'plugins/squirrelmail_usercopy/squirrelmail_usercopy.php')
-rw-r--r-- | plugins/squirrelmail_usercopy/squirrelmail_usercopy.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/plugins/squirrelmail_usercopy/squirrelmail_usercopy.php b/plugins/squirrelmail_usercopy/squirrelmail_usercopy.php index e882a2f37..7f378678e 100644 --- a/plugins/squirrelmail_usercopy/squirrelmail_usercopy.php +++ b/plugins/squirrelmail_usercopy/squirrelmail_usercopy.php @@ -164,14 +164,16 @@ class squirrelmail_usercopy extends rcube_plugin if ($db_charset) $db->query('SET NAMES '.$db_charset); - $sql_result = $db->query('SELECT * FROM '.$userprefs_table.' WHERE user=?', $uname); // ? is replaced with emailaddress + $sql_result = $db->query('SELECT * FROM ' . $db->quote_identifier($userprefs_table) + .' WHERE `user` = ?', $uname); // ? is replaced with emailaddress while ($sql_array = $db->fetch_assoc($sql_result) ) { // fetch one row from result $this->prefs[$sql_array['prefkey']] = rcube_charset::convert(rtrim($sql_array['prefval']), $db_charset); } /* retrieve address table data */ - $sql_result = $db->query('SELECT * FROM '.$address_table.' WHERE owner=?', $uname); // ? is replaced with emailaddress + $sql_result = $db->query('SELECT * FROM ' . $db->quote_identifier($address_table) + .' WHERE `owner` = ?', $uname); // ? is replaced with emailaddress // parse addres book while ($sql_array = $db->fetch_assoc($sql_result) ) { // fetch one row from result @@ -186,5 +188,4 @@ class squirrelmail_usercopy extends rcube_plugin } } // end if 'sql'-driver } - } |