Commit e2f99d4e authored by Crell's avatar Crell Committed by effulgentsia

Properly escape SQL table.

parent 07a81f6d
......@@ -62,7 +62,7 @@ public function matchRequestPartial(Request $request) {
$ancestors = $this->getCandidateOutlines($parts);
$routes = $this->connection->query("SELECT name, route FROM {{$this->tableName}} WHERE pattern_outline IN (:patterns) ORDER BY fit", array(
$routes = $this->connection->query("SELECT name, route FROM {" . $this->connection->escapeTable($this->tableName) . "} WHERE pattern_outline IN (:patterns) ORDER BY fit", array(
':patterns' => $ancestors,
))
->fetchAllKeyed();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment