Fix: Add field quotes (`) to the main server-side processing script. For most cases this will make no difference, but some columns might have a special character in them (- for example) and need this quoting.

2025-01-18 11:52:11 +01:00 · 2011-12-06 10:59:20 +00:00 · 2011-12-06 10:59:20 +00:00 · 8795d97194
commit 8795d97194
parent 07c3d3f5a6
1 changed files with 7 additions and 7 deletions
--- a/examples/server_side/scripts/server_processing.php
+++ b/examples/server_side/scripts/server_processing.php
@ -61,8 +61,8 @@
 		{
 			if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
 			{
-				$sOrder .= $aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."
+				$sOrder .= "`".$aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."` ".
-				 	".mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
+				 	mysql_real_escape_string( $_GET['sSortDir_'.$i] ) .", ";
 			}
 		}
@ -86,7 +86,7 @@
 		$sWhere = "WHERE (";
 		for ( $i=0 ; $i<count($aColumns) ; $i++ )
 		{
-			$sWhere .= $aColumns[$i]." LIKE '%".mysql_real_escape_string( $_GET['sSearch'] )."%' OR ";
+			$sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string( $_GET['sSearch'] )."%' OR ";
 		}
 		$sWhere = substr_replace( $sWhere, "", -3 );
 		$sWhere .= ')';
@ -105,7 +105,7 @@
 			{
 				$sWhere .= " AND ";
 			}
-			$sWhere .= $aColumns[$i]." LIKE '%".mysql_real_escape_string($_GET['sSearch_'.$i])."%' ";
+			$sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string($_GET['sSearch_'.$i])."%' ";
 		}
 	}
@ -115,7 +115,7 @@
 	 * Get data to display
 	 */
 	$sQuery = "
-		SELECT SQL_CALC_FOUND_ROWS ".str_replace(" , ", " ", implode(", ", $aColumns))."
+		SELECT SQL_CALC_FOUND_ROWS `".str_replace(" , ", " ", implode("`, `", $aColumns))."`
 		FROM   $sTable
 		$sWhere
 		$sOrder
@ -133,7 +133,7 @@
 	/* Total data set length */
 	$sQuery = "
-		SELECT COUNT(".$sIndexColumn.")
+		SELECT COUNT(`".$sIndexColumn."`)
 		FROM   $sTable
 	";
 	$rResultTotal = mysql_query( $sQuery, $gaSql['link'] ) or die(mysql_error());