From eb36858f1aff94ae1665900e681a1cfb78563ee1 Mon Sep 17 00:00:00 2001
From: Sergey Tsalkov
Date: Mon, 16 Jun 2014 22:40:22 +0000
Subject: [PATCH] columnList() properly escapes table names
---
 db.class.php | 2 +-
 simpletest/BasicTest.php | 16 ++++++++++------
 simpletest/ObjectTest.php | 2 +-
 3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/db.class.php b/db.class.php
index 54e6d9e..e63d966 100644
--- a/db.class.php
+++ b/db.class.php
@@ -385,7 +385,7 @@ class MeekroDB {
 }
 public function columnList($table) {
- return $this->queryOneColumn('Field', "SHOW COLUMNS FROM $table");
+ return $this->queryOneColumn('Field', "SHOW COLUMNS FROM %b", $table);
 }
 public function tableList($db = null) {
diff --git a/simpletest/BasicTest.php b/simpletest/BasicTest.php
index 4a9bebd..f924c90 100644
--- a/simpletest/BasicTest.php
+++ b/simpletest/BasicTest.php
@@ -2,7 +2,7 @@
 class BasicTest extends SimpleTest {
 function __construct() {
 foreach (DB::tableList() as $table) {
- DB::query("DROP TABLE $table");
+ DB::query("DROP TABLE %b", $table);
 }
 }
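Review bot: In db.class.php the fix reaches only `columnList()`; the last context line of that hunk opens `tableList($db = null)`, whose body lies outside the hunk, so it cannot be confirmed here whether `$db` is still interpolated into the query text the way `$table` was. If it is, it presumably wants the same `%b` binding. Separately, `columnList()` has no doc comment stating the contract this change establishes; I would add `/** @param string $table Table name; bound as a %b identifier, never interpolated into the SQL text. */` above it. Identifier quoting keeps a name inside the name position but does not decide which tables a caller may inspect, so callers passing externally supplied names should still check them against an allow-list.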
@@ -266,20 +266,24 @@ class BasicTest extends SimpleTest {
 function test_5_insert_blobs() {
- DB::query("CREATE TABLE `storedata` (
+ DB::query("CREATE TABLE `store data` (
 `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `picture` BLOB ) ENGINE = InnoDB");
+
+ $columns = DB::columnList('store data');
+ $this->assert(count($columns) === 2);
+ $this->assert($columns[1] === 'picture');
 $smile = file_get_contents('smile1.jpg');
- DB::insert('storedata', array(
+ DB::insert('store data', array(
 'picture' => $smile, ));
- DB::queryOneRow("INSERT INTO storedata (picture) VALUES (%s)", $smile);
+ DB::queryOneRow("INSERT INTO %b (picture) VALUES (%s)", 'store data', $smile);
- $getsmile = DB::queryFirstField("SELECT picture FROM storedata WHERE id=1");
- $getsmile2 = DB::queryFirstField("SELECT picture FROM storedata WHERE id=2");
+ $getsmile = DB::queryFirstField("SELECT picture FROM %b WHERE id=1", 'store data');
+ $getsmile2 = DB::queryFirstField("SELECT picture FROM %b WHERE id=2", 'store data');
 $this->assert($smile === $getsmile);
 $this->assert($smile === $getsmile2);
 }
diff --git a/simpletest/ObjectTest.php b/simpletest/ObjectTest.php
index 06780ab..87c82bb 100644
--- a/simpletest/ObjectTest.php
+++ b/simpletest/ObjectTest.php
@@ -6,7 +6,7 @@ class ObjectTest extends SimpleTest {
 $this->mdb = new MeekroDB();
 foreach ($this->mdb->tableList() as $table) {
- $this->mdb->query("DROP TABLE $table");
+ $this->mdb->query("DROP TABLE %b", $table);
 }
 }
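Review bot: In simpletest/BasicTest.php, `test_5_insert_blobs` exercises `columnList()` only with a name containing a space (`store data`), so the regression test would still pass if `%b` merely wrapped the name in backticks without escaping a backtick inside it. A second table whose name contains a backtick, checked the same way, would pin the escaping itself rather than just the quoting. The new assertions also sit inside a test named for blob inserts, so a dedicated test method would make a failure easier to attribute. The enclosing class continues outside the hunk.

```php
// … unchanged: 'store data' table creation and its columnList() assertions …

// constructed sample name with an embedded backtick
DB::query("CREATE TABLE %b (`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY) ENGINE = InnoDB", 'odd`name');
$oddColumns = DB::columnList('odd`name');
$this->assert(count($oddColumns) === 1);
$this->assert($oddColumns[0] === 'id');
```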