10up/wpsnapshots

Error when scrubbing user information because of lack of escaping

Closed this issue · 1 comment

Describe the bug
I came across this error when I tried to create a new snapshot:

WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Ath' WHERE meta_key='last_name' AND user_id='xxxx'' at line 1 for query UPDATE wp_usermeta_temp SET meta_value='De'Ath' WHERE meta_key='last_name' AND user_id='xxxx' made by require_once('/home/wpsnapshots/.composer/vendor/10up/wpsnapshots/src/bootstrap.php'), Symfony\Component\Console\Application->run, Symfony\Component\Console\Application->doRun, Symfony\Component\Console\Application->doRunCommand, Symfony\Component\Console\Command\Command->run, WPSnapshots\Command\Create->execute, WPSnapshots\Snapshot::create

The error is caused by these lines:

$wpdb->query( "UPDATE {$wpdb->usermeta}_temp SET meta_value='{$dummy_user['first_name']}' WHERE meta_key='first_name' AND user_id='{$user_id}'" );
$wpdb->query( "UPDATE {$wpdb->usermeta}_temp SET meta_value='{$dummy_user['last_name']}' WHERE meta_key='last_name' AND user_id='{$user_id}'" );
$wpdb->query( "UPDATE {$wpdb->usermeta}_temp SET meta_value='{$dummy_user['first_name']}' WHERE meta_key='nickname' AND user_id='{$user_id}'" );

The problem is it uses a single quote, which conflicts with the apostrophe in the user's name:

meta_value='{$dummy_user['first_name']}'

Steps to Reproduce

  1. Make sure you have a user with an apostrophe in their name like Danny De'Ath
  2. Create a snapshot
  3. Choose to save the database
  4. See error

Environment information

  • Device: Macbook Pro
  • OS: MacOS 10.15.6

Additional context
I'm using WP Snapshots with WP Local Docker and the latest WP Snapshots 2.0: 10updocker wpsnapshots create

Closed by #66.
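The defect reported above is unescaped string interpolation into SQL; the WordPress idiom for avoiding it is `$wpdb->prepare()`. Below is an added example (not the wpsnapshots project's own code, nor the fix in #66) that rewrites the three UPDATE statements from the report with placeholders; the function name is hypothetical, `$dummy_user`'s keys and `$user_id` follow the report, and WordPress is assumed to be loaded so `$wpdb` exists.

```php
<?php
// Added example, not wpsnapshots code: the three UPDATEs from the bug report
// rewritten so that a value such as De'Ath is escaped by WordPress instead of
// being spliced raw into the query string.
// Assumes WordPress is loaded (global $wpdb). Function name is hypothetical.

function wpsnapshots_scrub_user_names( int $user_id, array $dummy_user ) {
    global $wpdb;

    // Table name comes from $wpdb, never from user data, so interpolating it is safe.
    $table = $wpdb->usermeta . '_temp';

    // meta_key => replacement value, mirroring the original three queries
    // (nickname is overwritten with the dummy first name, as in the report).
    $replacements = array(
        'first_name' => $dummy_user['first_name'],
        'last_name'  => $dummy_user['last_name'],
        'nickname'   => $dummy_user['first_name'],
    );

    $rows = 0;
    foreach ( $replacements as $meta_key => $value ) {
        // %s is quoted and escaped by prepare(); %d coerces user_id to an integer.
        $sql = $wpdb->prepare(
            "UPDATE {$table} SET meta_value = %s WHERE meta_key = %s AND user_id = %d",
            $value,
            $meta_key,
            $user_id
        );

        $result = $wpdb->query( $sql );
        if ( false === $result ) {
            // $wpdb->last_error carries the MySQL message shown in the report.
            return false;
        }
        $rows += (int) $result;
    }

    return $rows;
}
```

With `De'Ath` as the last name, `prepare()` emits `meta_value = 'De\'Ath'`, so the statement parses and the scrub completes; the equivalent `$wpdb->update( $table, array( 'meta_value' => $value ), array( 'meta_key' => $meta_key, 'user_id' => $user_id ) )` performs the same escaping without a hand-written query.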