chg: [internal] Escape table and column name

2022-05-24 14:57:19 +02:00 · 2022-05-24 14:57:19 +02:00 · c4a85b4998
parent 4998ed672e
commit c4a85b4998
1 changed files with 1 additions and 5 deletions
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@ -1336,11 +1336,7 @@ class Event extends AppModel
        $db->begin();
        $connection = $db->getConnection();
        foreach ($relations as $relation) {
-            if ($this->isMysql()) {
-                $query = $connection->prepare('DELETE FROM ' . $relation['table'] . ' WHERE ' . $relation['foreign_key'] . ' = :value');
-            } else {
-                $query = $connection->prepare('DELETE FROM "' . $relation['table'] . '" WHERE "' . $relation['foreign_key'] . '" = :value');
-            }
+            $query = $connection->prepare('DELETE FROM ' . $db->name($relation['table']) . ' WHERE ' . $db->name($relation['foreign_key']) . ' = :value');
            $query->bindValue(':value', $relation['value'], PDO::PARAM_INT);
            $query->execute();
        }