projects / civicrm-core.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CRM-14676 - need to escape names before inserting into prev_next_cache
[civicrm-core.git] / CRM / Contact / Selector.php
diff --git a/CRM/Contact/Selector.php b/CRM/Contact/Selector.php
index aa040d8e9b2c24a2500058773b7f8d8092f279ed..ad3f6f119b2216522acfc11037052d98895d2103 100644 (file)
--- a/CRM/Contact/Selector.php
+++ b/CRM/Contact/Selector.php
@@ -964,7 +964,7 @@ SELECT 'civicrm_contact', contact_a.id, contact_a.id, '$cacheKey', contact_a.dis
     // build insert query, note that currently we build cache for 500 contact records at a time, hence below approach
     $insertValues = array();
     while($dao->fetch()) {
-      $insertValues[] = "('civicrm_contact', {$dao->contact_id}, {$dao->contact_id}, '{$cacheKey}', '{$dao->sort_name}')";
+      $insertValues[] = "('civicrm_contact', {$dao->contact_id}, {$dao->contact_id}, '{$cacheKey}', '" . CRM_Core_DAO::escapeString($dao->sort_name) . "')";
     }
 
     //update pre/next cache using single insert query