Hardcoded table column names in the ClosureTable model
franzose opened this issue · 0 comments
franzose commented
Originally reported by @devig in #234.
ClosureTable::selectRowsToInsert()
uses hardcoded table column names:
$select = "
SELECT tbl.{$ancestor} AS ancestor, ? AS descendant, tbl.{$depth}+1 AS depth
FROM {$table} AS tbl
WHERE tbl.{$descendant} = ?
UNION ALL
SELECT ? AS ancestor, ? AS descendant, 0 AS depth
";
This will break SQL queries in case of non-standard column names are used. The above should be changed to the below:
$select = "
SELECT tbl.{$ancestor} AS {$ancestor}, ? AS {$descendant}, tbl.{$depth}+1 AS {$depth}
FROM {$table} AS tbl
WHERE tbl.{$descendant} = ?
UNION ALL
SELECT ? AS {$ancestor}, ? AS {$descendant}, 0 AS {$depth}
";