From 54373e4e85a1c42c60794a00a1cf4c43eb8cd459 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 12 May 2023 15:07:28 -0400 Subject: [PATCH] It is not necessary to escape the field as cakephp will do it for us --- web/api/app/Controller/Component/FilterComponent.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/api/app/Controller/Component/FilterComponent.php b/web/api/app/Controller/Component/FilterComponent.php index 727c9dff0..cc0762163 100644 --- a/web/api/app/Controller/Component/FilterComponent.php +++ b/web/api/app/Controller/Component/FilterComponent.php @@ -82,7 +82,7 @@ class FilterComponent extends Component { throw new Exception('Invalid operator: ' . $operator); } - $lhs = '`' . $matches['field'] . '` ' . $operator; + $lhs = $matches['field'] . ' ' . $operator; // If the named param contains an array, we want to turn it into an IN condition // Otherwise, we add it right into the $conditions array if (is_array($value)) {