stefangabos / Zebra_Session

A drop-in replacement for PHP's default session handler which stores session data in a MySQL database, providing better performance, better security and protection against session fixation and session hijacking
https://stefangabos.github.io/Zebra_Session/Zebra_Session/Zebra_Session.html

Added backtick quotation for table name in read query. #27

Closed more7dev closed 5 years ago

more7dev commented 5 years ago

This is a small bugfix. Using a non-default table name for session data storage could lead to errors, i.e. if the table name contains spaces. This fix could be further expanded to include table name escaping using proper MySQL functions to quote identifiers.

stefangabos commented 5 years ago

This is a good idea, but it really makes no sense to change it in a single place rather than everywhere...

the solution should be to change the line

$this->table_name = $table_name;

to

$this->table_name = '`' . trim($table_name, '`') . '`';
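
The identifier quoting mentioned in the first comment, as an added example that is not part of this thread or of Zebra_Session: inside a backtick-quoted MySQL identifier a literal backtick is written twice, so a name with a backtick in the middle needs doubling rather than trimming. The helper name `quote_mysql_identifier` is hypothetical, the input is assumed to be one raw, unqualified table name, and the column names in the sample query are illustrative.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of Zebra_Session): quote one raw, unqualified
// MySQL identifier so it can be placed in a query between backticks.
function quote_mysql_identifier(string $name): string
{
    // 1 to 64 characters of valid UTF-8; preg_match() returns false on invalid UTF-8.
    if (preg_match('/\A.{1,64}\z/us', $name) !== 1) {
        throw new InvalidArgumentException('identifier must be 1-64 valid UTF-8 characters');
    }
    // MySQL does not permit NUL in identifiers, nor table names ending in a space.
    if (strpos($name, "\0") !== false || substr($name, -1) === ' ') {
        throw new InvalidArgumentException('identifier contains NUL or ends with a space');
    }
    // A literal backtick inside a quoted identifier is escaped by doubling it.
    return '`' . str_replace('`', '``', $name) . '`';
}

// Constructed sample names: plain, with a space, with an embedded backtick,
// with a NUL byte, and with a trailing space.
$samples = ['session_data', 'session data', 'sess`ion', "bad\0name", 'trailing '];

foreach ($samples as $raw) {
    try {
        $quoted = quote_mysql_identifier($raw);
        // Same shape as a read query; the session id stays a bound parameter.
        echo "SELECT session_data FROM {$quoted} WHERE session_id = ?\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected ' . json_encode($raw) . ': ' . $e->getMessage() . "\n";
    }
}
```

Applied once where the table name is stored, the quoted value covers every query that uses it, which is the point made in the reply above.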