From 4ed844ffd5e19a7e95c47e34dbf7d3fd83039d3c Mon Sep 17 00:00:00 2001
From: Adam <Adam@anope.org>
Date: Fri, 2 Mar 2012 17:05:59 -0500
Subject: Escape all column names when building sql queries

---
 modules/database/db_sql_live_write.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/database/db_sql_live_write.cpp')

diff --git a/modules/database/db_sql_live_write.cpp b/modules/database/db_sql_live_write.cpp
index 9ac2e17a1..0692f7f30 100644
--- a/modules/database/db_sql_live_write.cpp
+++ b/modules/database/db_sql_live_write.cpp
@@ -73,7 +73,7 @@ class DBMySQL : public Module
 		query_text.erase(query_text.end() - 1);
 		query_text += ") ON DUPLICATE KEY UPDATE ";
 		for (Serializable::serialized_data::const_iterator it = data.begin(), it_end = data.end(); it != it_end; ++it)
-			query_text += it->first + "=VALUES(" + it->first + "),";
+			query_text += "`" + it->first + "`=VALUES(`" + it->first + "`),";
 		query_text.erase(query_text.end() - 1);
 
 		SQLQuery query(query_text);
-- 
cgit