From 2899965ba664798bc64ce41d319d5c39c7f4f71c Mon Sep 17 00:00:00 2001
From: Jaroslav Mallat
Date: Wed, 3 May 2017 09:41:37 +0200
Subject: [PATCH] fix unescaped ' on udger_devicename_list tab
---
 src/Parser.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Parser.php b/src/Parser.php
index 4413015..5095fd3 100644
--- a/src/Parser.php
+++ b/src/Parser.php
@@ -435,7 +435,7 @@ public function parse()
 $qC=$this->dbdat->query("SELECT marketname,brand_code,brand,brand_url,icon,icon_big
 FROM udger_devicename_list
 JOIN udger_devicename_brand ON udger_devicename_brand.id=udger_devicename_list.brand_id
- WHERE regex_id=".$r["id"]." and code = '".trim($result[1])."' COLLATE NOCASE ");
+ WHERE regex_id=".$r["id"]." and code = '".\SQLite3::escapeString(trim($result[1]))."' COLLATE NOCASE ");
 if($rC = $qC->fetchArray(SQLITE3_ASSOC))
 {
 $this->logger->debug("parse useragent string: device marketname found");
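Review bot: The device-name lookup on the changed `WHERE` line is still built by string concatenation, and `regex_id=".$r["id"]."` on that same line stays unquoted and unescaped. Since `$result[1]` appears to be a capture taken from the parsed user-agent string (inferred from the log message), binding both values through a prepared statement would be sturdier than escaping one of them. The PHP manual documents `SQLite3::escapeString()` as not binary safe, so binding also covers input that escaping does not handle. `$this->dbdat` looks like an `SQLite3` handle (the hunk uses `SQLITE3_ASSOC`), so `prepare()` and `bindValue()` should be available. `parse()` starts and ends outside this hunk, so the loop that supplies `$r` and `$result` is not visible here.

```php
$stmtC = $this->dbdat->prepare("SELECT marketname,brand_code,brand,brand_url,icon,icon_big
    FROM udger_devicename_list
    JOIN udger_devicename_brand ON udger_devicename_brand.id=udger_devicename_list.brand_id
    WHERE regex_id = :regex_id AND code = :code COLLATE NOCASE");
// Values travel as bound parameters, so quotes in the captured device code cannot alter the statement.
$stmtC->bindValue(':regex_id', $r["id"]);
$stmtC->bindValue(':code', trim($result[1]), SQLITE3_TEXT);
$qC = $stmtC->execute();
// … unchanged: fetchArray(SQLITE3_ASSOC) handling and debug logging …
```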