From 86d212f4f1b565c93ab0fa196de672da4e4a0d98 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Thu, 21 Jan 2021 16:10:36 +0100
Subject: [PATCH] fixes #1292 ability to avoid the reserved words escape in
 pwg_query

Useful for conf_update_param because we don't want any modification in the config.value and we know we won't use the reserved words in the SQL.
---
 include/dblayer/functions_mysql.inc.php  | 2 +-
 include/dblayer/functions_mysqli.inc.php | 6 +++---
 include/functions.inc.php                | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/dblayer/functions_mysql.inc.php b/include/dblayer/functions_mysql.inc.php
index 1ea188f42..25e589162 100644
--- a/include/dblayer/functions_mysql.inc.php
+++ b/include/dblayer/functions_mysql.inc.php
@@ -61,7 +61,7 @@ function pwg_get_db_version()
   return mysql_get_server_info();
 }
 
-function pwg_query($query)
+function pwg_query($query, $escape_reserved_words=true)
 {
   global $conf,$page,$debug,$t2;
 
diff --git a/include/dblayer/functions_mysqli.inc.php b/include/dblayer/functions_mysqli.inc.php
index ff5b8f229..f9a68d391 100644
--- a/include/dblayer/functions_mysqli.inc.php
+++ b/include/dblayer/functions_mysqli.inc.php
@@ -124,12 +124,12 @@ function pwg_get_db_version()
  * @param string $query
  * @return mysqli_result|bool
  */
-function pwg_query($query)
+function pwg_query($query, $escape_reserved_words=true)
 {
   global $mysqli, $conf, $page, $debug, $t2;
 
   // starting with MySQL 8, rank becomes a reserved keyword, we need to escape it
-  if (preg_match('/\brank\b/', $query))
+  if ($escape_reserved_words and preg_match('/\brank\b/', $query))
   {
     // first we unescape what's already escaped (to avoid double escaping)
     $query = preg_replace('/`rank`/', 'rank', $query);
@@ -137,7 +137,7 @@ function pwg_query($query)
     $query = preg_replace('/\brank\b/', '`rank`', $query);
   }
 
-  if (preg_match('/\bgroups\b/', $query))
+  if ($escape_reserved_words and preg_match('/\bgroups\b/', $query))
   {
     // first we unescape what's already escaped (to avoid double escaping)
     $query = preg_replace('/`groups`/', 'groups', $query);
diff --git a/include/functions.inc.php b/include/functions.inc.php
index c9124e70e..f5b69c744 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1381,7 +1381,7 @@ INSERT INTO
   ON DUPLICATE KEY UPDATE value = \''.$dbValue.'\'
 ;';
 
-  pwg_query($query);
+  pwg_query($query, false);
 
   if ($updateGlobal)
   {