escape all identifiers with backticks

author: jfd <jfd@underverse> 2012-07-30 20:46:14 +0200
committer: Jörn Friedrich Dreyer <jfd@butonic.de> 2012-07-31 18:53:05 +0200
commit: ede464f05872574a703c36d8d976b5c97e55c23f (patch)
tree: c075f46d52b905a93cb5d3137af5198de83d34f2 /lib/migration
parent: 3c5670b662ea9e5ee36146f10f63faaadacb8187 (diff)
download: nextcloud-server-ede464f05872574a703c36d8d976b5c97e55c23f.tar.gz
nextcloud-server-ede464f05872574a703c36d8d976b5c97e55c23f.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/migration/content.php b/lib/migration/content.php
index 7ef88f36e43..5c89e6bacd6 100644
--- a/lib/migration/content.php
+++ b/lib/migration/content.php
@@ -109,7 +109,7 @@ class OC_Migration_Content{
 			
 			foreach( $options['matchval'] as $matchval ){
 				// Run the query for this match value (where x = y value)
-				$sql = "SELECT * FROM *PREFIX*" . $options['table'] . " WHERE " . $options['matchcol'] . " LIKE ?";
+				$sql = 'SELECT * FROM `*PREFIX*' . $options['table'] . '` WHERE `' . $options['matchcol'] . '` LIKE ?';
 				$query = OC_DB::prepare( $sql );
 				$results = $query->execute( array( $matchval ) );
 				$newreturns = $this->insertData( $results, $options );
@@ -118,7 +118,7 @@ class OC_Migration_Content{
 
 		} else {
 			// Just get everything
-			$sql = "SELECT * FROM *PREFIX*" . $options['table'];
+			$sql = 'SELECT * FROM `*PREFIX*' . $options['table'] . '`';
 			$query = OC_DB::prepare( $sql );
 			$results = $query->execute();
 			$return = $this->insertData( $results, $options );
author	jfd <jfd@underverse>	2012-07-30 20:46:14 +0200
committer	Jörn Friedrich Dreyer <jfd@butonic.de>	2012-07-31 18:53:05 +0200
commit	ede464f05872574a703c36d8d976b5c97e55c23f (patch)
tree	c075f46d52b905a93cb5d3137af5198de83d34f2 /lib/migration
parent	3c5670b662ea9e5ee36146f10f63faaadacb8187 (diff)
download	nextcloud-server-ede464f05872574a703c36d8d976b5c97e55c23f.tar.gz nextcloud-server-ede464f05872574a703c36d8d976b5c97e55c23f.zip