From 39735721ec880e6fbf29c9773f0003c5aaa37454 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= <jfd@butonic.de>
Date: Tue, 2 Oct 2012 14:10:44 +0200
Subject: [PATCH] escape identifiers in queries

---
 apps/files/appinfo/update.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/apps/files/appinfo/update.php b/apps/files/appinfo/update.php
index d963b75477..bcbbc6035f 100644
--- a/apps/files/appinfo/update.php
+++ b/apps/files/appinfo/update.php
@@ -1,16 +1,16 @@
 <?php
 
-// fix webdav properties,add namespace in front of the property, update for OC4.5
-$installedVersion=OCP\Config::getAppValue('files', 'installed_version');
-if (version_compare($installedVersion, '1.1.6', '<')) {
-	$query = OC_DB::prepare( "SELECT propertyname, propertypath, userid FROM `*PREFIX*properties`" );
-	$result = $query->execute();
+// fix webdav properties,add namespace in front of the property, update for OC4.5
+$installedVersion=OCP\Config::getAppValue('files', 'installed_version');
+if (version_compare($installedVersion, '1.1.6', '<')) {
+	$query = OC_DB::prepare( "SELECT `propertyname`, `propertypath`, `userid` FROM `*PREFIX*properties`" );
+	$result = $query->execute();
 	while( $row = $result->fetchRow()){
-		if ( $row["propertyname"][0] != '{' ) {
-			$query = OC_DB::prepare( 'UPDATE *PREFIX*properties SET propertyname = ? WHERE userid = ? AND propertypath = ?' );
+		if ( $row["propertyname"][0] != '{' ) {
+			$query = OC_DB::prepare( 'UPDATE `*PREFIX*properties` SET `propertyname` = ? WHERE `userid` = ? AND `propertypath` = ?' );
 			$query->execute( array( '{DAV:}' + $row["propertyname"], $row["userid"], $row["propertypath"] ));
-		}
-	}
+		}
+	}
 }
 
 //update from OC 3