From: Stéphane Jacob <sj@m4x.org>
Date: Fri, 25 Jun 2010 07:51:52 +0000 (+0200)
Subject: Prenvents '##' to be escaped to '' in SQL querries (Closes #1156).
X-Git-Tag: core/1.1.0~1
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=f3e3cab808bd91a37bd86b8ac3a0ddcbf0ec7a55;p=platal.git

Prenvents '##' to be escaped to '' in SQL querries (Closes #1156).

Signed-off-by: Stéphane Jacob <sj@m4x.org>
---

diff --git a/classes/xdb.php b/classes/xdb.php
index e715eef..6a15660 100644
--- a/classes/xdb.php
+++ b/classes/xdb.php
@@ -49,7 +49,7 @@ class XDB
     {
         global $globals;
         $query    = array_map(Array('XDB', 'escape'), $args);
-        $query[0] = preg_replace('/#([a-z0-9]*)#/', $globals->dbprefix . '$1', $args[0]);
+        $query[0] = preg_replace('/#([a-z0-9]+)#/', $globals->dbprefix . '$1', $args[0]);
         $query[0] = str_replace('%',   '%%', $query[0]);
         $query[0] = str_replace('{?}', '%s', $query[0]);
         return call_user_func_array('sprintf', $query);