rawQuery: do not escape quotes

avbdr · avbdr · commit ce7d9e8bee92 · 2014-06-26T17:56:46.000+03:00
diff --git a/MysqliDb.php b/MysqliDb.php
@@ -193,7 +193,7 @@ public function setPrefix($prefix = '')
      */
     public function rawQuery($query, $bindParams = null)
     {
-        $this->_query = filter_var ($query, FILTER_SANITIZE_MAGIC_QUOTES,
+        $this->_query = filter_var ($query, FILTER_SANITIZE_STRING,
                                     FILTER_FLAG_NO_ENCODE_QUOTES);
         $stmt = $this->_prepareQuery();
 

Original file line number	Diff line number	Diff line change
`@@ -193,7 +193,7 @@ public function setPrefix($prefix = '')`
`193`	`193`	`*/`
`194`	`194`	`public function rawQuery($query, $bindParams = null)`
`195`	`195`	`{`
`196`		`- $this->_query = filter_var ($query, FILTER_SANITIZE_MAGIC_QUOTES,`
	`196`	`+ $this->_query = filter_var ($query, FILTER_SANITIZE_STRING,`
`197`	`197`	`FILTER_FLAG_NO_ENCODE_QUOTES);`
`198`	`198`	`$stmt = $this->_prepareQuery();`
`199`	`199`