diff options
author | Andrey Andreev <narf@devilix.net> | 2016-10-27 15:55:19 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2016-10-27 15:55:19 +0200 |
commit | 0c23e9122666a30797079bea9415da135d4f7e12 (patch) | |
tree | 52d59498a7409ee2e5cf8bd2eee1659d397291dd | |
parent | 2b9d88c3fe78218bb9d8bcbb6ea114d190bc0d0e (diff) |
Fix #4871
-rw-r--r-- | system/database/DB_query_builder.php | 8 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 6 insertions, 3 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 7a008eeb8..5491b2000 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1915,7 +1915,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $affected_rows = 0; for ($i = 0, $total = count($this->qb_set); $i < $total; $i += $batch_size) { - if ($this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, $batch_size), $this->protect_identifiers($index)))) + if ($this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, $batch_size), $index))) { $affected_rows += $this->affected_rows(); } @@ -1941,6 +1941,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { */ protected function _update_batch($table, $values, $index) { + $index_escaped = $this->protect_identifiers($index); + $ids = array(); foreach ($values as $key => $val) { @@ -1950,7 +1952,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { if ($field !== $index) { - $final[$field][] = 'WHEN '.$index.' = '.$val[$index].' THEN '.$val[$field]; + $final[$field][] = 'WHEN '.$index_escaped.' = '.$val[$index].' THEN '.$val[$field]; } } } @@ -1963,7 +1965,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { .'ELSE '.$k.' END, '; } - $this->where($index.' IN('.implode(',', $ids).')', NULL, FALSE); + $this->where($index_escaped.' IN('.implode(',', $ids).')', NULL, FALSE); return 'UPDATE '.$table.' SET '.substr($cases, 0, -2).$this->_compile_wh('qb_where'); } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 51242efa3..58ca20ee9 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -19,6 +19,7 @@ Bug fixes for 3.1.2 ------------------- - Fixed a regression (#4874) - :doc:`Session Library <libraries/sessions>` didn't take into account ``session.hash_bits_per_character`` when validating session IDs. +- Fixed a bug (#4871) - :doc:`Query Builder <database/query_builder>` method ``update_batch()`` didn't properly handle identifier escaping. Version 3.1.1 ============= |