summaryrefslogtreecommitdiffstats
path: root/kamailio-model.lua
diff options
context:
space:
mode:
Diffstat (limited to 'kamailio-model.lua')
-rw-r--r--kamailio-model.lua4
1 files changed, 2 insertions, 2 deletions
diff --git a/kamailio-model.lua b/kamailio-model.lua
index b015c35..1ba7956 100644
--- a/kamailio-model.lua
+++ b/kamailio-model.lua
@@ -458,7 +458,7 @@ function update_table_entry(self, entry, action, create)
if create then
sql = "INSERT INTO "..escape(entry.value.table.value).." ("..table.concat(names, ", ")..") VALUES('"..table.concat(values, "', '").."')"
else
- sql = "UPDATE "..entry.value.table.value.." SET ("..table.concat(names, ", ")..") = ('"..table.concat(values, "', '").."') WHERE id='"..escape(entry.value.id.value).."'"
+ sql = "UPDATE "..escape(entry.value.table.value).." SET ("..table.concat(names, ", ")..") = ('"..table.concat(values, "', '").."') WHERE id='"..escape(entry.value.id.value).."'"
end
runsqlcommand(sql)
end
@@ -547,7 +547,7 @@ function search_database(id, value, comparison)
retval.result = cfe({type="structure", value={}, label="List of Rows", seq=4 })
local table, column = string.match(id, "^([^.]*)%.(.*)")
if table then
- local sql = "SELECT * FROM "..table.." WHERE "..column..comparison.."'"..value.."'"
+ local sql = "SELECT * FROM "..escape(table).." WHERE "..escape(column)..escape(comparison).."'"..escape(value).."'"
retval.result.value = getselectresponse(sql)
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-06 21:15:09 +0000