From f3e3cab808bd91a37bd86b8ac3a0ddcbf0ec7a55 Mon Sep 17 00:00:00 2001 From: =?utf8?q?St=C3=A9phane=20Jacob?= Date: Fri, 25 Jun 2010 09:51:52 +0200 Subject: [PATCH] Prenvents '##' to be escaped to '' in SQL querries (Closes #1156). MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Jacob --- classes/xdb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/xdb.php b/classes/xdb.php index e715eef..6a15660 100644 --- a/classes/xdb.php +++ b/classes/xdb.php @@ -49,7 +49,7 @@ class XDB { global $globals; $query = array_map(Array('XDB', 'escape'), $args); - $query[0] = preg_replace('/#([a-z0-9]*)#/', $globals->dbprefix . '$1', $args[0]); + $query[0] = preg_replace('/#([a-z0-9]+)#/', $globals->dbprefix . '$1', $args[0]); $query[0] = str_replace('%', '%%', $query[0]); $query[0] = str_replace('{?}', '%s', $query[0]); return call_user_func_array('sprintf', $query); -- 2.1.4