beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Fix where() escaping in MS SQL (bug #496)

Browse source
This commit is contained in:
Jakub Vrana 2017-02-20 15:23:22 +01:00
parent 8a9d803137
commit a0a1476e5b
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
adminer/include/functions.inc.php
View file

@ -412,10 +412,10 @@ function where($where, $fields = array()) {
$key = bracket_escape($key, 1); // 1 - back
$column = escape_key($key);
$return[] = $column
. (($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val)) || $jush == "mssql"
? " LIKE " . q(addcslashes($val, "%_\\"))
. ($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val) ? " LIKE " . q(addcslashes($val, "%_\\"))
: ($jush == "mssql" ? " LIKE " . q(preg_replace('~[_%[]~', '[\0]', $val))
: " = " . unconvert_field($fields[$key], q($val))
) // LIKE because of floats but slow with ints, in MS SQL because of text
)) // LIKE because of floats but slow with ints, in MS SQL because of text
; //! enum and set
if ($jush == "sql" && preg_match('~char|text~', $fields[$key]["type"]) && preg_match("~[^ -@]~", $val)) { // not just [a-z] to catch non-ASCII characters
$return[] = "$column = " . q($val) . " COLLATE " . charset($connection) . "_bin";