authorAleksander Machniak <alec@alec.pl>2014-09-12 14:37:51 +0200
committerAleksander Machniak <alec@alec.pl>2014-09-12 14:37:51 +0200
commit34a0902089a410d1f7dda78d1f8b0771333c09df (patch)
tree729c7a994d64b7dbf9f78656d95b34846cae58ba /plugins/squirrelmail_usercopy/squirrelmail_usercopy.php
parent8cc65d1f5fae71e2ee07748e82ab274d8d45304b (diff)
Use consistent column/table quoting in sql queries
Diffstat (limited to 'plugins/squirrelmail_usercopy/squirrelmail_usercopy.php')
-rw-r--r--plugins/squirrelmail_usercopy/squirrelmail_usercopy.php7
1 files changed, 4 insertions, 3 deletions
diff --git a/plugins/squirrelmail_usercopy/squirrelmail_usercopy.php b/plugins/squirrelmail_usercopy/squirrelmail_usercopy.php
index e882a2f37..7f378678e 100644
--- a/plugins/squirrelmail_usercopy/squirrelmail_usercopy.php
+++ b/plugins/squirrelmail_usercopy/squirrelmail_usercopy.php
@@ -164,14 +164,16 @@ class squirrelmail_usercopy extends rcube_plugin
if ($db_charset)
$db->query('SET NAMES '.$db_charset);
- $sql_result = $db->query('SELECT * FROM '.$userprefs_table.' WHERE user=?', $uname); // ? is replaced with emailaddress
+ $sql_result = $db->query('SELECT * FROM ' . $db->quote_identifier($userprefs_table)
+ .' WHERE `user` = ?', $uname); // ? is replaced with emailaddress
while ($sql_array = $db->fetch_assoc($sql_result) ) { // fetch one row from result
$this->prefs[$sql_array['prefkey']] = rcube_charset::convert(rtrim($sql_array['prefval']), $db_charset);
}
/* retrieve address table data */
- $sql_result = $db->query('SELECT * FROM '.$address_table.' WHERE owner=?', $uname); // ? is replaced with emailaddress
+ $sql_result = $db->query('SELECT * FROM ' . $db->quote_identifier($address_table)
+ .' WHERE `owner` = ?', $uname); // ? is replaced with emailaddress
// parse addres book
while ($sql_array = $db->fetch_assoc($sql_result) ) { // fetch one row from result
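Review bot: The `SET NAMES` statement on the context line at the top of this hunk still concatenates `$db_charset` into the SQL unquoted, while the two SELECTs below it now quote their table names and bind `$uname` through a placeholder. Where `$db_charset` is set is outside the hunk (presumably plugin configuration, so the exposure is likely limited to whoever can edit the config), but a cheap guard keeps the statement well-formed regardless: `if ($db_charset && preg_match('/^[A-Za-z0-9_]+$/', $db_charset))`. A smaller consistency point: the table names go through `$db->quote_identifier()`, but the columns are written with literal backticks (`` `user` ``, `` `owner` ``). Unless the database wrapper rewrites backticks for non-MySQL drivers, which is not visible here, `$db->quote_identifier('user')` and `$db->quote_identifier('owner')` would match the table quoting. The enclosing method starts and ends outside this hunk.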
@@ -186,5 +188,4 @@ class squirrelmail_usercopy extends rcube_plugin
}
} // end if 'sql'-driver
}
-
}