Escape the array elements separately and join them in compile_binds()

author: clawoo <alin.claudiu.radut@gmail.com> 2014-10-20 14:28:08 +0200
committer: clawoo <alin.claudiu.radut@gmail.com> 2014-10-20 14:28:08 +0200
commit: 4a4f5509832412aff3a6fb571d8be2454733e98b (patch)
tree: 03dd9a10fc5711a4c74cca063e63162537913476
parent: a779c48da5643ea710da7fc0941a80629a196acf (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 094356965..fc1d9566c 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -922,7 +922,12 @@ abstract class CI_DB_driver {
 		do
 		{
 			$c--;
-			$sql = substr_replace($sql, $this->escape($binds[$c]), $matches[0][$c][1], $ml);
+			$escaped_value = $this->escape($binds[$c]);
+			if (is_array($escaped_value))
+			{
+				$escaped_value = '('.implode(',', $escaped_value).')';
+			}
+			$sql = substr_replace($sql, $escaped_value, $matches[0][$c][1], $ml);
 		}
 		while ($c !== 0);
 
@@ -995,7 +1000,7 @@ abstract class CI_DB_driver {
 		if (is_array($str))
 		{
 			$str = array_map(array(&$this, 'escape'), $str);
-			return '('.implode(',', $str).')';
+			return $str;
 		}
 		elseif (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))
 		{
author	clawoo <alin.claudiu.radut@gmail.com>	2014-10-20 14:28:08 +0200
committer	clawoo <alin.claudiu.radut@gmail.com>	2014-10-20 14:28:08 +0200
commit	4a4f5509832412aff3a6fb571d8be2454733e98b (patch)
tree	03dd9a10fc5711a4c74cca063e63162537913476
parent	a779c48da5643ea710da7fc0941a80629a196acf (diff)