Skip to content

P
PHP-MySQLi-Database-Class
Commit b9a5c77b authored by Alexander Butenko's avatar Alexander Butenko
Browse files
Options

Allow Underscore char in orderBy/groupBy filter as its a legit symbol in names

parent 58938e24
Show whitespace changes
Inline Side-by-side
Showing with 2 additions and 2 deletions
MysqliDb.php
View file @ b9a5c77b
...@@ -339,7 +339,7 @@ class MysqliDb ...@@ -339,7 +339,7 @@ class MysqliDb
{ {
$allowedDirection = Array ("ASC", "DESC"); $allowedDirection = Array ("ASC", "DESC");
$orderbyDirection = strtoupper (trim ($orderbyDirection)); $orderbyDirection = strtoupper (trim ($orderbyDirection));
$orderByField = preg_replace ("/[^-a-z0-9\.\(\),]+/i",'', $orderByField); $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_]+/i",'', $orderByField);
if (empty($orderbyDirection) || !in_array ($orderbyDirection, $allowedDirection)) if (empty($orderbyDirection) || !in_array ($orderbyDirection, $allowedDirection))
die ('Wrong order direction: '.$orderbyDirection); die ('Wrong order direction: '.$orderbyDirection);
...@@ -359,7 +359,7 @@ class MysqliDb ...@@ -359,7 +359,7 @@ class MysqliDb
*/ */
public function groupBy($groupByField) public function groupBy($groupByField)
{ {
$groupByField = preg_replace ("/[^-a-z0-9\.\(\),]+/i",'', $groupByField); $groupByField = preg_replace ("/[^-a-z0-9\.\(\),_]+/i",'', $groupByField);
$this->_groupBy[] = $groupByField; $this->_groupBy[] = $groupByField;
return $this; return $this;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023