enygma
commented
7 years ago PR for this fix was merged - closing.
Closed geralt closed 7 years ago
enygma
commented
7 years ago PR for this fix was merged - closing.
The convertFromSQLKeywords() function try to convert several chars to others for a later analysis. But the line below has a problem:
$value = preg_replace('/,null/ims', ',0', $value);If you send the string "select 1,null;" convertFromSQLKeywords() converts it into "select 1,0;" but adding an extra white space after semicolon ("select 1, null;") the function is bypassed. A possible solution is replace:
$value = preg_replace('/,null/ims', ',0', $value);with:
$value = preg_replace('/,\s+null/ims', ',0', $value);Regards