From a98085a9ee12f21c5aa529aebf8e1c6b788a867d Mon Sep 17 00:00:00 2001
From: KHobbits <rob@khobbits.co.uk>
Date: Tue, 3 Nov 2015 16:50:06 +0000
Subject: [PATCH] Quote column titles when sql building to avoid mysql keywords

---
 html/includes/api_functions.inc.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/html/includes/api_functions.inc.php b/html/includes/api_functions.inc.php
index 68a574a590..2e10819b91 100644
--- a/html/includes/api_functions.inc.php
+++ b/html/includes/api_functions.inc.php
@@ -163,23 +163,23 @@ function list_devices() {
     }
 
     if (stristr($order, ' desc') === false && stristr($order, ' asc') === false) {
-        $order .= ' ASC';
+        $order = '`'.$order.'` ASC';
     }
 
     if ($type == 'all' || empty($type)) {
         $sql = '1';
     }
     elseif ($type == 'ignored') {
-        $sql = "ignore='1' AND disabled='0'";
+        $sql = "`ignore`='1' AND `disabled`='0'";
     }
     elseif ($type == 'up') {
-        $sql = "status='1' AND ignore='0' AND disabled='0'";
+        $sql = "`status`='1' AND `ignore`='0' AND `disabled`='0'";
     }
     elseif ($type == 'down') {
-        $sql = "status='0' AND ignore='0' AND disabled='0'";
+        $sql = "`status`='0' AND `ignore`='0' AND `disabled`='0'";
     }
     elseif ($type == 'disabled') {
-        $sql = "disabled='1'";
+        $sql = "`disabled`='1'";
     }
     elseif ($type == 'mac') {
         $join = " LEFT JOIN `ports` ON `devices`.`device_id`=`ports`.`device_id` LEFT JOIN `ipv4_mac` ON `ports`.`port_id`=`ipv4_mac`.`port_id` ";