diff --git a/src/Libs/Model.php b/src/Libs/Model.php
index fefef4d..8e59f55 100644
--- a/src/Libs/Model.php
+++ b/src/Libs/Model.php
@@ -380,6 +380,17 @@ class Model {
 return new static();
 }
+ /**
+ * Elimina los caracteres que no son alfanuméricos o _.
+ *
+ * @param string $string
+ *
+ * @return string
+ */
+ private static function cleanString(string $string) :string {
+ return preg_replace('/[^A-Za-z0-9_]/', '', $string);
+ }
+
 /**
 * Define el WHERE en la sentencia SQL.
 *
@@ -407,8 +418,9 @@ class Model {
 if ($no_filter) {
 static::$querySelect['where'] = "$column$operatorOrValue$value";
 } else {
- static::$queryVars[":where_$column"] = $value;
- static::$querySelect['where'] = "$column$operatorOrValue:where_$column";
+ $cleanColum = static::cleanString($column);
+ static::$queryVars[":where_$cleanColum"] = $value;
+ static::$querySelect['where'] = "$column$operatorOrValue:where_$cleanColum";
 }
 return new static();
@@ -554,8 +566,9 @@ class Model {
 if ($no_filter) static::$querySelect['AndOr'] .= " AND $column$operatorOrValue$value";
 else {
- static::$queryVars[":and_$column"] = $value;
- static::$querySelect['AndOr'] .= " AND $column$operatorOrValue:and_$column";
+ $cleanColum = static::cleanString($column);
+ static::$queryVars[":and_$cleanColum"] = $value;
+ static::$querySelect['AndOr'] .= " AND $column$operatorOrValue:and_$cleanColum";
 }
 return new static();
@@ -588,8 +601,9 @@ class Model {
 if ($no_filter) static::$querySelect['AndOr'] .= " OR $column$operatorOrValue$value";
 else {
- static::$queryVars[":or_$column"] = $value;
- static::$querySelect['AndOr'] .= " OR $column$operatorOrValue:or_$column";
+ $cleanColum = static::cleanString($column);
+ static::$queryVars[":or_$cleanColum"] = $value;
+ static::$querySelect['AndOr'] .= " OR $column$operatorOrValue:or_$cleanColum";
 }
 return new static();
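Review bot: The docblock on `cleanString` should say what its result is safe for: it produces a string usable as a PDO placeholder name, not an escaped SQL identifier, since the callers in the later hunks keep interpolating the original `$column` into the query text. It should also note that distinct inputs can collapse to the same output (`t.id` and `tid`, or `user-id` and `user_id`), so callers that key `static::$queryVars` by the result can overwrite one another's bindings. A one-line addition such as `* El resultado solo es válido como nombre de parámetro PDO; no escapa identificadores SQL y entradas distintas pueden coincidir.` would cover both points. As a point of style, `) :string {` should be written `): string {` per PSR-12.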
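Review bot: The new `static::$querySelect['where']` line still interpolates the raw `$column` (and `$operatorOrValue`) into the SQL text; only the placeholder name goes through `cleanString`, so this hunk fixes invalid PDO parameter names but does not stop an untrusted column name from being spliced into the statement as an identifier. The `AND` and `OR` hunks below have the same pattern. If `$column` can originate outside the codebase, reject anything that is not a plain identifier before building the clause, e.g. `if (preg_match('/^[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)?$/', $column) !== 1) { throw new \InvalidArgumentException("Invalid column name: $column"); }`, or resolve it against an allowlist of known columns; whether `$operatorOrValue` is validated elsewhere is not visible here. The enclosing method begins outside the hunk.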
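Review bot: Keying `static::$queryVars` by `":and_$cleanColum"` means two AND conditions whose columns clean to the same stem (the same column twice, as in a range check, or `t.id` alongside `tid`) overwrite each other's bound value while both appended fragments reference the single placeholder; the `OR` hunk below behaves the same way. The collision for a repeated column predates this change, but stripping `.` and `-` now makes distinct columns collide as well. A per-clause unique placeholder avoids it, e.g. `$placeholder = ':and_' . $cleanColum . '_' . count(static::$queryVars);` used for both the `$queryVars` key and the appended fragment, assuming `$queryVars` is a plain array as the indexing suggests. The enclosing method begins outside the hunk.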