10up / wpsnapshots

(DEPRECATED) A project sharing tool for WordPress.
MIT License
215 stars 22 forks

Error when scrubbing user information because of lack of escaping #64

Closed junaidbhura closed 3 years ago

junaidbhura commented 3 years ago

Describe the bug

I came across this error when I tried to create a new snapshot:

WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Ath' WHERE meta_key='last_name' AND user_id='xxxx'' at line 1 for query UPDATE wp_usermeta_temp SET meta_value='De'Ath' WHERE meta_key='last_name' AND user_id='xxxx' made by require_once('/home/wpsnapshots/.composer/vendor/10up/wpsnapshots/src/bootstrap.php'), Symfony\Component\Console\Application->run, Symfony\Component\Console\Application->doRun, Symfony\Component\Console\Application->doRunCommand, Symfony\Component\Console\Command\Command->run, WPSnapshots\Command\Create->execute, WPSnapshots\Snapshot::create

The error is caused by these lines: https://github.com/10up/wpsnapshots/blob/f59ac444d4a29414c4acaff3a1926565b052a169/src/classes/Snapshot.php#L616-L618

The problem is it uses a single quote, which conflicts with the apostrophe in the user's name:

meta_value='{$dummy_user['first_name']}'

Steps to Reproduce

  1. Make sure you have a user with an apostrophe in their name like Danny De'Ath
  2. Create a snapshot
  3. Choose to save the database
  4. See error

Environment information

Additional context

I'm using WP Snapshots with WP Local Docker and the latest WP Snapshots 2.0: 10updocker wpsnapshots create
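The quoting defect described above next to the standard WordPress remedy, as an added example; this is not code from wpsnapshots or from the fix in #66 (whose contents are not shown on this page). It assumes a global `$wpdb`, a `$dummy_user` array holding the generated replacement values used during scrubbing, an integer `$user_id`, and the `wp_usermeta_temp` table named in the error; the user values are constructed. Either `$wpdb->prepare()` with `%s`/`%d` placeholders or `$wpdb->update()` hands quoting to wpdb, so an apostrophe in a name becomes data instead of SQL syntax.

```php
<?php
// Added example (not the project's code): the vulnerable interpolation from the
// report beside a parameterised rewrite using WordPress's $wpdb API.
// Assumptions: $wpdb is the global wpdb instance, $dummy_user is the array of
// generated replacement values used during scrubbing, $user_id is the row being
// scrubbed, and 'wp_usermeta_temp' is the temporary table named in the error.

global $wpdb;

$table      = $wpdb->prefix . 'usermeta_temp'; // resolves to wp_usermeta_temp in the report
$user_id    = 1234;                            // constructed value
$dummy_user = array(
    'first_name' => 'Danny',
    'last_name'  => "De'Ath",                  // the apostrophe that broke the query
);

// BEFORE (as reported): the value is spliced straight into the SQL string.
// "De'Ath" closes the quoted literal early and the statement fails; any value
// containing a quote corrupts the query instead of being stored as data.
$sql_unsafe = "UPDATE {$table} SET meta_value='{$dummy_user['last_name']}' WHERE meta_key='last_name' AND user_id='{$user_id}'";
// $wpdb->query( $sql_unsafe ); // would produce the "You have an error in your SQL syntax" error above

// AFTER, option 1: prepared statement. wpdb quotes and escapes %s, and casts %d to an integer.
$sql_safe = $wpdb->prepare(
    "UPDATE {$table} SET meta_value = %s WHERE meta_key = %s AND user_id = %d",
    $dummy_user['last_name'],
    'last_name',
    $user_id
);
$wpdb->query( $sql_safe );

// AFTER, option 2: let wpdb build the UPDATE itself; every value is escaped for you,
// and the format arrays pin the column types so nothing is interpolated as raw SQL.
foreach ( array( 'first_name', 'last_name' ) as $meta_key ) {
    $wpdb->update(
        $table,
        array( 'meta_value' => $dummy_user[ $meta_key ] ),
        array( 'meta_key' => $meta_key, 'user_id' => $user_id ),
        array( '%s' ),
        array( '%s', '%d' )
    );
}
```

A quick check after patching a scrubber like this is to run it against a database seeded with names containing `'`, `"` and `\` and confirm the rows are rewritten rather than the run aborting with a syntax error.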

jeffpaul commented 3 years ago

Closed by #66.