summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-06-17 16:29:57 +0200
committerAndrey Andreev <narf@bofh.bg>2012-06-17 16:29:57 +0200
commit929fd2d52beb779e46681d35f8ff138aa65cb8df (patch)
treeeaad2c75479b83b47f85318e79c97731f1684ed6
parentd1cace76965f71107aca63df1057b98df8d3b85a (diff)
Improve escaping, support for table names with spaces and fix where() for strings with no spaces around operators
-rw-r--r--system/database/DB_driver.php56
-rw-r--r--system/database/DB_query_builder.php4
-rw-r--r--system/database/drivers/postgre/postgre_driver.php4
3 files changed, 30 insertions, 34 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 28d665fdf..4ec20f45d 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1086,6 +1086,20 @@ abstract class CI_DB_driver {
// --------------------------------------------------------------------
/**
+ * Returns the SQL string operator
+ *
+ * @param string
+ * @return string
+ */
+ protected function _get_operator($str)
+ {
+ return preg_match('/(=|!|<|>| IS NULL| IS NOT NULL| BETWEEN)/i', $str, $match)
+ ? $match[1] : FALSE;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Enables a native PHP function to be run, using a platform agnostic wrapper.
*
* @param string the function name
@@ -1336,39 +1350,21 @@ abstract class CI_DB_driver {
// Convert tabs or multiple spaces into single spaces
$item = preg_replace('/\s+/', ' ', $item);
- static $preg_ec = array();
-
- if (empty($preg_ec))
+ // If the item has an alias declaration we remove it and set it aside.
+ // Note: strripos() is used in order to support spaces in table names
+ if ($offset = strripos($item, ' AS '))
{
- if (is_array($this->_escape_char))
- {
- $preg_ec = array(preg_quote($this->_escape_char[0]), preg_quote($this->_escape_char[1]));
- }
- else
- {
- $preg_ec[0] = $preg_ec[1] = preg_quote($this->_escape_char);
- }
+ $alias = ($protect_identifiers)
+ ? substr($item, $offset, 4).$this->escape_identifiers(substr($item, $offset + 4))
+ : substr($item, $offset);
+ $item = substr($item, 0, $offset);
}
-
- // If the item has an alias declaration we remove it and set it aside.
- // Basically we remove everything to the right of the first space
- preg_match('/^(('.$preg_ec[0].'[^'.$preg_ec[1].']+'.$preg_ec[1].')|([^'.$preg_ec[0].'][^\s]+))( AS)*(.+)*$/i', $item, $matches);
-
- if (isset($matches[4]))
+ elseif ($offset = strrpos($item, ' '))
{
- $item = $matches[1];
-
- // Escape the alias, if needed
- if ($protect_identifiers === TRUE)
- {
- $alias = empty($matches[5])
- ? ' '.$this->escape_identifiers(ltrim($matches[4]))
- : $matches[4].' '.$this->escape_identifiers(ltrim($matches[5]));
- }
- else
- {
- $alias = $matches[4].$matches[5];
- }
+ $alias = ($protect_identifiers)
+ ? ' '.$this->escape_identifiers(substr($item, $offset + 1))
+ : substr($item, $offset);
+ $item = substr($item, 0, $offset);
}
else
{
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 531ca9eb7..27f9f363b 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -459,8 +459,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
{
$prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) ? '' : $type;
- $k = $this->_has_operator($k)
- ? $this->protect_identifiers(substr($k, 0, strpos(rtrim($k), ' ')), FALSE, $escape).strchr(rtrim($k), ' ')
+ $k = (($op = $this->_get_operator($k)) !== FALSE)
+ ? $this->protect_identifiers(substr($k, 0, strpos($k, $op)), FALSE, $escape).strstr($k, $op)
: $this->protect_identifiers($k, FALSE, $escape);
if (is_null($v) && ! $this->_has_operator($k))
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index 3d25b25ee..23826a0ae 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -612,8 +612,8 @@ class CI_DB_postgre_driver extends CI_DB {
{
$prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) ? '' : $type;
- $k = $this->_has_operator($k)
- ? $this->protect_identifiers(substr($k, 0, strpos(rtrim($k), ' ')), FALSE, $escape).strchr(rtrim($k), ' ')
+ $k = (($op = $this->_get_operator($k)) !== FALSE)
+ ? $this->protect_identifiers(substr($k, 0, strpos($k, $op)), FALSE, $escape).strstr($k, $op)
: $this->protect_identifiers($k, FALSE, $escape);
if (is_null($v) && ! $this->_has_operator($k))