quote any variable usages in SQL

2024-02-26 12:27:23 -08:00
parent 61cfa6896d
commit a5480c70cb
2 changed files with 4 additions and 4 deletions
--- a/pg4wp/rewriters/SelectSQLRewriter.php
+++ b/pg4wp/rewriters/SelectSQLRewriter.php
@ -373,7 +373,7 @@ class SelectSQLRewriter extends AbstractSQLRewriter
        INNER JOIN 
            pg_stat_user_tables S ON (S.relid = C.oid) 
        WHERE 
-            N.nspname = $schema AND 
+            N.nspname = '$schema' AND 
            C.relname IN ('wp_comments','wp_options','wp_posts','wp_terms','wp_users')
        GROUP BY 
            C.relname, pg_total_relation_size(C.oid), S.n_live_tup;
--- a/pg4wp/rewriters/ShowTableStatusSQLRewriter.php
+++ b/pg4wp/rewriters/ShowTableStatusSQLRewriter.php
@ -42,9 +42,9 @@ class ShowTableStatusSQLRewriter extends AbstractSQLRewriter
            pg_namespace nsp ON cls.relnamespace = nsp.oid
        WHERE 
            cls.relkind = 'r' 
-            AND nsp.nspname NOT LIKE 'pg_%' -- Ignore schemas with names starting with pg_
-            AND nsp.nspname != 'information_schema' -- Ignore the information_schema
-            AND nsp.nspname = $schema -- Select only tables in the 'myschema' schema
+            AND nsp.nspname NOT LIKE 'pg_%' 
+            AND nsp.nspname != 'information_schema' 
+            AND nsp.nspname = '$schema' 
        ORDER BY 
            cls.relname ASC;
        SQL;