prep.statement cannot be used for create database query; regex-validate database_name

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2021-10-11 18:55:15 +02:00
parent eb592340b0
commit 5009c625d8
2 changed files with 2 additions and 5 deletions
--- a/lib/Froxlor/Database/Manager/DbManagerMySQL.php
+++ b/lib/Froxlor/Database/Manager/DbManagerMySQL.php
@@ -60,10 +60,7 @@ class DbManagerMySQL
 	 */
 	public function createDatabase($dbname = null)
 	{
-		$stmt = Database::prepare("CREATE DATABASE :dbname");
-		Database::pexecute($stmt, [
-			'dbname' => $dbname
-		]);
+		Database::query("CREATE DATABASE `" . Database::quote($dbname) . "`");
 	}

 	/**