From 2fa04d8fc19d0d5094b01cc469f90c9b17046738 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Thu, 9 Jan 2014 11:47:43 -0600
Subject: [PATCH] Use backticks rather than quotes

For use in the materialized view column names
---
 include/class.dynamic_forms.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/include/class.dynamic_forms.php b/include/class.dynamic_forms.php
index 69e5a2e40..ca0906688 100644
--- a/include/class.dynamic_forms.php
+++ b/include/class.dynamic_forms.php
@@ -210,15 +210,15 @@ class TicketForm extends DynamicForm {
             if (!$impl->hasData() || $impl->isPresentationOnly())
                 continue;
 
-            $name = ($f->get('name')) ? db_real_escape($f->get('name'))
+            $name = ($f->get('name')) ? $f->get('name')
                 : 'field_'.$f->get('id');
 
             $fields[] = sprintf(
-                'MAX(IF(field.name=\'%1$s\',ans.value,NULL)) as "%1$s"',
+                'MAX(IF(field.name=\'%1$s\',ans.value,NULL)) as `%1$s`',
                 $name);
             if ($impl->hasIdValue()) {
                 $fields[] = sprintf(
-                    'MAX(IF(field.name=\'%1$s\',ans.value_id,NULL)) as "%1$s_id"',
+                    'MAX(IF(field.name=\'%1$s\',ans.value_id,NULL)) as `%1$s_id`',
                     $name);
             }
         }
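Review bot: With `db_real_escape()` removed, `$name` is interpolated unescaped into two different SQL contexts in the `sprintf` templates: the single-quoted literal compared against `field.name`, and the backtick-quoted column alias. A quote or backtick in a stored field name would end that literal or identifier early and change the statement. Each context needs its own escaping (string escaping for the literal, doubled backticks for the identifier), or the name should be restricted to a safe character set when the field is saved. The same unescaped `$name` reaches the backtick identifiers built in the second hunk, where the assignment columns for `ticket__cdata` are formatted. The enclosing method starts outside this hunk, so any validation of names upstream is not visible here.

```php
            $name = ($f->get('name')) ? $f->get('name')
                : 'field_'.$f->get('id');
            // Two SQL contexts, two escapings: string literal vs. backtick identifier
            $literal = db_real_escape($name);
            $column = str_replace('`', '``', $name);

            $fields[] = sprintf(
                'MAX(IF(field.name=\'%1$s\',ans.value,NULL)) as `%2$s`',
                $literal, $column);
            if ($impl->hasIdValue()) {
                $fields[] = sprintf(
                    'MAX(IF(field.name=\'%1$s\',ans.value_id,NULL)) as `%2$s_id`',
                    $literal, $column);
            }
```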
@@ -270,16 +270,17 @@ class TicketForm extends DynamicForm {
             return;
 
         $f = $answer->getField();
-        $name = $f->get('name') ? db_real_escape($f->get('name'))
+        $name = $f->get('name') ? $f->get('name')
             : 'field_'.$f->get('id');
         $ids = $f->hasIdValue();
-        $fields = sprintf('"%s"=', $name) . db_input($answer->get('value'));
+        $fields = sprintf('`%s`=', $name) . db_input($answer->get('value'));
         if ($f->hasIdValue())
-            $fields .= sprintf(',"%s_id"=', $name) . db_input($answer->getIdValue());
+            $fields .= sprintf(',`%s_id`=', $name) . db_input($answer->getIdValue());
         $sql = 'INSERT INTO `'.TABLE_PREFIX.'ticket__cdata` SET '.$fields
             .', `ticket_id`='.db_input($answer->getEntry()->get('object_id'))
             .' ON DUPLICATE KEY UPDATE '.$fields;
-        db_query($sql);
+        if (!db_query($sql) || !db_affected_rows())
+            return self::dropDynamicDataView();
     }
 }
 // Add fields from the standard ticket form to the ticket filterable fields
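Review bot: The new `!db_affected_rows()` test treats a successful no-op as a failure. For `INSERT ... ON DUPLICATE KEY UPDATE`, MySQL reports zero affected rows when the existing row already holds the submitted values. If `db_affected_rows()` returns that count, re-saving an unchanged answer would drop the whole materialized view. Unless that rebuild is intended, drop the view only on a query error, `if (!db_query($sql)) return self::dropDynamicDataView();`, and consider logging the failing column name so a bad field name is diagnosable. The method body begins outside this hunk.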
-- 
GitLab