Fixed incorrect escaping when using backslashes

8 years ago · 6db83d45e2
parent deeeaa56ea
commit 6db83d45e2
1 changed files with 4 additions and 0 deletions
--- a/php/Modules/Database.php
+++ b/php/Modules/Database.php
@ -356,6 +356,10 @@ final class Database {

 			}

+			// Put a backslash in front of every character that is part of the regular
+			// expression syntax. Avoids a backreference when using preg_replace.
+			$value = preg_quote($value);
+
 			// Replace
 			$query = preg_replace('/\?/', $value, $query, 1);