Use DBA::quoteIdentifier in Database::escapeFields

diff --git a/src/Database/DBA.php b/src/Database/DBA.php
index 9ce2b61473c30e528f233ee9fbb70bf05302c120..677bf1a27f30af4fa4ae833b73fca11964ba25e3 100644 (file)
--- a/src/Database/DBA.php
+++ b/src/Database/DBA.php
@@ -531,9 +531,9 @@ class DBA
        }
 
        /**
-        * Escape an identifier (table or field name) optional with a schema like (schema.)table
+        * Escape an identifier (table or field name) optional with a schema like ((schema.)table.)field
         *
-        * @param $identifier Table, field name
+        * @param string $identifier Table, field name
         * @return string Quotes table or field name
         */
        public static function quoteIdentifier(string $identifier): string

diff --git a/src/Database/Database.php b/src/Database/Database.php
index 3276e90e5294bd9cc35f4871e0156381dd227362..cd2803c0fc5c88368766a76c991beba2a94c8acd 100644 (file)
--- a/src/Database/Database.php
+++ b/src/Database/Database.php
@@ -1438,7 +1438,7 @@ class Database
                array_walk($fields, function(&$value, $key) use ($options)
                {
                        $field = $value;
-                       $value = '`' . str_replace('`', '``', $value) . '`';
+                       $value = DBA::quoteIdentifier($field);
 
                        if (!empty($options['group_by']) && !in_array($field, $options['group_by'])) {
                                $value = 'ANY_VALUE(' . $value . ') AS ' . $value;