escape identifiers in queries

2012-10-02 14:10:44 +02:00 · 2012-10-02 14:10:44 +02:00 · 39735721ec
parent 3e3038cafc
commit 39735721ec
1 changed files with 9 additions and 9 deletions
--- a/apps/files/appinfo/update.php
+++ b/apps/files/appinfo/update.php
@ -1,16 +1,16 @@
 <?php

-// fix webdav properties,add namespace in front of the property, update for OC4.5
-$installedVersion=OCP\Config::getAppValue('files', 'installed_version');
-if (version_compare($installedVersion, '1.1.6', '<')) {
-	$query = OC_DB::prepare( "SELECT propertyname, propertypath, userid FROM `*PREFIX*properties`" );
-	$result = $query->execute();
+// fix webdav properties,add namespace in front of the property, update for OC4.5
+$installedVersion=OCP\Config::getAppValue('files', 'installed_version');
+if (version_compare($installedVersion, '1.1.6', '<')) {
+	$query = OC_DB::prepare( "SELECT `propertyname`, `propertypath`, `userid` FROM `*PREFIX*properties`" );
+	$result = $query->execute();
 	while( $row = $result->fetchRow()){
-		if ( $row["propertyname"][0] != '{' ) {
-			$query = OC_DB::prepare( 'UPDATE *PREFIX*properties SET propertyname = ? WHERE userid = ? AND propertypath = ?' );
+		if ( $row["propertyname"][0] != '{' ) {
+			$query = OC_DB::prepare( 'UPDATE `*PREFIX*properties` SET `propertyname` = ? WHERE `userid` = ? AND `propertypath` = ?' );
 			$query->execute( array( '{DAV:}' + $row["propertyname"], $row["userid"], $row["propertypath"] ));
-		}
-	}
+		}
+	}
 }

 //update from OC 3