... | ... |
@@ -1697,15 +1697,6 @@ sub _where_clause_and_param { |
1697 | 1697 |
if defined $table_quote; |
1698 | 1698 |
push @$clause, "$column_quote = :$column"; |
1699 | 1699 |
} |
1700 |
- |
|
1701 |
- # Check unsafety column |
|
1702 |
- my $safety = $self->{safety_character}; |
|
1703 |
- unless ($column_join =~ /^[$safety\.]+$/) { |
|
1704 |
- for my $column (keys %$where) { |
|
1705 |
- croak qq{"$column" is not safety column name } . _subname |
|
1706 |
- unless $column =~ /^[$safety\.]+$/; |
|
1707 |
- } |
|
1708 |
- } |
|
1709 | 1700 |
|
1710 | 1701 |
$w->{clause} = @$clause ? "where ( " . join(' and ', @$clause) . " ) " : '' ; |
1711 | 1702 |
$w->{param} = $where; |
... | ... |
@@ -1348,6 +1348,9 @@ $dbi->insert({$key1 => 1, $key2 => 2}, table => $table1); |
1348 | 1348 |
$row = $dbi->select($key1, table => $table1)->one; |
1349 | 1349 |
is_deeply($row, {$key1 => 1}); |
1350 | 1350 |
|
1351 |
+eval { $dbi->select(table => $table1, where => {';' => 1}) }; |
|
1352 |
+like($@, qr/safety/); |
|
1353 |
+ |
|
1351 | 1354 |
test 'fetch filter'; |
1352 | 1355 |
eval { $dbi->execute("drop table $table1") }; |
1353 | 1356 |
$dbi->register_filter( |