From 7b57b5d4b860e1cba1df1d44f099a9d61d969018 Mon Sep 17 00:00:00 2001 
From: jakubvrana 
Date: Mon, 22 Jun 2009 05:19:26 +0000 
Subject: [PATCH] Escape identifier 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@748 7c3ca157-0c34-0410-bff1-cbf682f78f5c 
---
 adminer/create.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/adminer/create.inc.php b/adminer/create.inc.php 
index 0abd497d..7a469bfc 100644 
--- a/adminer/create.inc.php 
+++ b/adminer/create.inc.php 
@@ -52,10 +52,10 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
 if ($_POST["partition_by"] == 'RANGE' || $_POST["partition_by"] == 'LIST') {
 foreach (array_filter($_POST["partition_names"]) as $key => $val) {
 $value = $_POST["partition_values"][$key]; 
- $partitions[] = "\nPARTITION $val VALUES " . ($_POST["partition_by"] == 'RANGE' ? "LESS THAN" : "IN") . (strlen($value) ? " ($value)" : " MAXVALUE"); //! SQL injection 
+ $partitions[] = "\nPARTITION " . idf_escape($val) . " VALUES " . ($_POST["partition_by"] == 'RANGE' ? "LESS THAN" : "IN") . (strlen($value) ? " ($value)" : " MAXVALUE"); //! SQL injection
 }
 } 
- $status .= "\nPARTITION BY $_POST[partition_by]($_POST[partition])" . ($partitions ? " (" . implode(",", $partitions) . "\n)" : ($_POST["partitions"] ? " PARTITIONS " . intval($_POST["partitions"]) : "")); 
+ $status .= "\nPARTITION BY $_POST[partition_by]($_POST[partition])" . ($partitions ? " (" . implode(",", $partitions) . "\n)" : ($_POST["partitions"] ? " PARTITIONS " . intval($_POST["partitions"]) : "")); // $_POST["partition"] can be expression, not only column
 } elseif ($dbh->server_info >= 5.1 && strlen($_GET["create"])) {
 $status .= "\nREMOVE PARTITIONING";
 }
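Review bot: `$_POST[partition_by]` is still interpolated verbatim into the `PARTITION BY` clause on the changed `$status .=` line, and unlike `$val` it is a keyword rather than an identifier, so `idf_escape()` is not the right tool for it — it should be checked against the fixed set of partitioning methods before this clause is built, e.g. `if (!in_array($_POST["partition_by"], array("HASH", "LINEAR HASH", "KEY", "LINEAR KEY", "RANGE", "LIST"), true)) { /* reject the request */ }`. The `$_POST["partition"]` column/expression and the per-partition `$value` remain unescaped as well; the `//! SQL injection` marker on the `$partitions[]` line records the second, but the new trailing comment on the `$status` line only explains why `$_POST["partition"]` cannot go through `idf_escape()`, so a matching `//! SQL injection` marker there would keep that open item visible to the next reader. Whether this form is reachable only by an already-authenticated database user is not visible in this hunk, and the enclosing `if ($_POST && !$error ...)` block begins before the hunk, so any earlier validation of these fields is not shown.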