All database names are now 'back-ticked' and constant _MYSQL_PREFIX is wrapped. Partl...

[mailer.git] / inc / db / lib-mysql3.php

diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index ada4e4795f987c93e10cac39cca0930700b5df66..0767c5f1628823eea4a731644b4cc9b306f0eae0 100644 (file)
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -313,14 +313,27 @@ function SQL_ESCAPE ($str, $secureString=true,$strip=true) {
                return addslashes($str);
        }
 }
+
 // SELECT query string from table, columns and so on... ;-)
 function SQL_RESULT_FROM_ARRAY ($table, $columns, $idRow, $id, $F, $L) {
+       // Is columns an array?
+       if (!is_array($columns) {
+               // No array
+               trigger_error(sprintf("columns is not array. %s!=array", gettype($columns)));
+       }
+
        // Prepare the SQL statement
-       $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%s LIMIT 1";
+       $SQL = "SELECT `".implode("`, `", $columns)."` FROM `{!_MYSQL_PREFIX!}_%s` WHERE ``='%s' LIMIT 1";
 
        // Return the result
-       return SQL_QUERY_ESC($SQL, array(bigintval($id)), $F, $L);
+       return SQL_QUERY_ESC($SQL,
+               array(
+                       bigintval($id),
+                       $table,
+                       $idRow
+               ), $F, $L);
 }
+
 // ALTER TABLE wrapper function
 function SQL_ALTER_TABLE ($sql, $F, $L) {
        // This is the default result...