quote identifiers

diff --git a/autocomplete.php b/autocomplete.php
index d2535659354f2756864c48847b71722ad6ecce8b..680eba5f5ec379d7a94c66969fcda11265cbdd34 100644 (file)
--- a/autocomplete.php
+++ b/autocomplete.php
@@ -3,9 +3,10 @@
        $data->clean($_REQUEST['tb']);
        $data->clean($_REQUEST['fk']);
        $data->clean($_REQUEST['v']);
-       
-       $szSQL = 'SELECT * FROM ' . $_REQUEST['tb'] . ' WHERE ' . $_REQUEST['fk']
-               . "::text LIKE '" . $_REQUEST['v'] . "%' ORDER BY ". $_REQUEST['fk'] ." LIMIT 11";
+
+       // FIXME: At some point this should be schema qualified
+       $szSQL = 'SELECT * FROM "' . $_REQUEST['tb'] . '" WHERE "' . $_REQUEST['fk']
+               . "\"::text LIKE '" . $_REQUEST['v'] . "%' ORDER BY \"". $_REQUEST['fk'] .'" LIMIT 11';
 
        $objRes = $data->selectSet($szSQL);
        $arrayRes = array();