Commit fe8fb79d authored by Alexander Butenko's avatar Alexander Butenko

Merge pull request #336 from avbdr/master

Allow " and ' chars in orderBy
parents bf235793 8d53d6aa
...@@ -714,7 +714,7 @@ class MysqliDb ...@@ -714,7 +714,7 @@ class MysqliDb
{ {
$allowedDirection = Array ("ASC", "DESC"); $allowedDirection = Array ("ASC", "DESC");
$orderbyDirection = strtoupper (trim ($orderbyDirection)); $orderbyDirection = strtoupper (trim ($orderbyDirection));
$orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*]+/i",'', $orderByField); $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*\'\"]+/i",'', $orderByField);
// Add table prefix to orderByField if needed. // Add table prefix to orderByField if needed.
//FIXME: We are adding prefix only if table is enclosed into `` to distinguish aliases //FIXME: We are adding prefix only if table is enclosed into `` to distinguish aliases
...@@ -1240,8 +1240,10 @@ class MysqliDb ...@@ -1240,8 +1240,10 @@ class MysqliDb
{ {
if ($this->isSubQuery) if ($this->isSubQuery)
return; return;
if ($this->_mysqli) if ($this->_mysqli) {
$this->_mysqli->close(); $this->_mysqli->close();
$this->_mysqli = null;
}
} }
/** /**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment