Add some more escape calls

Fix for alpine linux bug #2103

1 files changed, 2 insertions, 2 deletions

diff --git a/kamailio-model.lua b/kamailio-model.lua
index b015c35..1ba7956 100644
--- a/kamailio-model.lua
+++ b/kamailio-model.lua
@@ -458,7 +458,7 @@ function update_table_entry(self, entry, action, create)
 				if create then
 					sql = "INSERT INTO "..escape(entry.value.table.value).." ("..table.concat(names, ", ")..") VALUES('"..table.concat(values, "', '").."')"
 				else
-					sql = "UPDATE "..entry.value.table.value.." SET ("..table.concat(names, ", ")..") = ('"..table.concat(values, "', '").."') WHERE id='"..escape(entry.value.id.value).."'"
+					sql = "UPDATE "..escape(entry.value.table.value).." SET ("..table.concat(names, ", ")..") = ('"..table.concat(values, "', '").."') WHERE id='"..escape(entry.value.id.value).."'"
 				end
 				runsqlcommand(sql)
 			end
@@ -547,7 +547,7 @@ function search_database(id, value, comparison)
 			retval.result = cfe({type="structure", value={}, label="List of Rows", seq=4 })
 			local table, column = string.match(id, "^([^.]*)%.(.*)")
 			if table then
-				local sql = "SELECT * FROM "..table.." WHERE "..column..comparison.."'"..value.."'"
+				local sql = "SELECT * FROM "..escape(table).." WHERE "..escape(column)..escape(comparison).."'"..escape(value).."'"
 				retval.result.value = getselectresponse(sql)
 			end
 		end