From 65aae70e53537845f28745a9455e05f7aa122385 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Fri, 14 Oct 2016 16:12:45 +0100
Subject: [PATCH] CRM_Contact_BAO_ContactType_ContactTest.testCRM19133 - Fix
 flaky test

This test seems to involve creation of a custom-data group with a randomly
generated name. The random name sometimes begins with a number, which leads
to awkward SQL queries like:

```
INSERT INTO civicrm_value_15e5f1d45a5896753463467e8c380144_1  ( 15e5f1d45a5896753463467e8c380144_1,entity_id ) VALUES (...)
```

This patch updates `CRM_Core_BAO_CustomValueTable` to perform proper escaping on the column name.
---
 CRM/Core/BAO/CustomValueTable.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CRM/Core/BAO/CustomValueTable.php b/CRM/Core/BAO/CustomValueTable.php
index 2c3b5e3a67..76419e3fa7 100644
--- a/CRM/Core/BAO/CustomValueTable.php
+++ b/CRM/Core/BAO/CustomValueTable.php
@@ -241,7 +241,7 @@ class CRM_Core_BAO_CustomValueTable {
             $params[$count] = array($entityID, 'Integer');
             $count++;
 
-            $fieldNames = implode(',', array_keys($set));
+            $fieldNames = implode(',', CRM_Utils_Type::escapeAll(array_keys($set), 'MysqlColumnNameOrAlias'));
             $fieldValues = implode(',', array_values($set));
             $query = "$sqlOP ( $fieldNames ) VALUES ( $fieldValues )";
             // for multiple values we dont do on duplicate key update
-- 
2.25.1