Allow backticks in order by

32b81aa1 · Alexander Butenko · 6407b01c · 32b81aa1 · 32b81aa1
Commit 32b81aa1 authored Mar 03, 2015 by Alexander Butenko
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

MysqliDb.php MysqliDb.php +2 -2

tests.php tests.php +2 -1

No files found.
--- a/MysqliDb.php
+++ b/MysqliDb.php
@@ -469,14 +469,14 @@ class MysqliDb
    {
        $allowedDirection = Array ("ASC", "DESC");
        $orderbyDirection = strtoupper (trim ($orderbyDirection));
-        $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_]+/i",'', $orderByField);
+        $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`]+/i",'', $orderByField);

        if (empty($orderbyDirection) || !in_array ($orderbyDirection, $allowedDirection))
            die ('Wrong order direction: '.$orderbyDirection);

        if (is_array ($customFields)) {
            foreach ($customFields as $key => $value)
-                $customFields[$key] = preg_replace ("/[^-a-z0-9\.\(\),_]+/i",'', $value);
+                $customFields[$key] = preg_replace ("/[^-a-z0-9\.\(\),_`]+/i",'', $value);

            $orderByField = 'FIELD (' . $orderByField . ', "' . implode('","', $customFields) . '")';
        }

--- a/tests.php
+++ b/tests.php
@@ -157,12 +157,13 @@ $q = "drop table {$prefix}test;";
 $db->rawQuery($q);


-$db->orderBy("id","asc");
+$db->orderBy("`id`","asc");
 $users = $db->get("users");
 if ($db->count != 3) {
    echo "Invalid total insert count";
    exit;
 }
+echo $db->getLastQuery();

 // order by field
 $db->orderBy("login","asc", Array ("user3","user2","user1"));