diff options
author | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-02-08 22:19:28 +0100 |
---|---|---|
committer | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-02-08 22:19:28 +0100 |
commit | 3167eebb81d740e0a74b28ff0353dd4fcf110d0e (patch) | |
tree | 405960e9a3313f0220a55cb74e306a88e32c93df | |
parent | ef112c0830df4a31563351125888b0d522a1c965 (diff) |
MySQL Driver will now wrap field names for insert(), update() and replace() with backticks (`) so fields like "default" and "order" will not cause SQL errors.
-rw-r--r-- | system/database/drivers/mysql/mysql_driver.php | 16 | ||||
-rw-r--r-- | user_guide/changelog.html | 1 |
2 files changed, 9 insertions, 8 deletions
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index df18c912e..c9fc1ecab 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -287,12 +287,12 @@ class CI_DB_mysql_driver extends CI_DB { if (is_array($str)) { foreach($str as $key => $val) - { + { $str[$key] = $this->escape_str($val, $like); - } + } - return $str; - } + return $str; + } if (function_exists('mysql_real_escape_string') AND is_resource($this->conn_id)) { @@ -532,7 +532,7 @@ class CI_DB_mysql_driver extends CI_DB { */ function _insert($table, $keys, $values) { - return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")"; + return "INSERT INTO ".$table." (`".implode('`, `', $keys)."`) VALUES (".implode(', ', $values).")"; } // -------------------------------------------------------------------- @@ -551,7 +551,7 @@ class CI_DB_mysql_driver extends CI_DB { */ function _replace($table, $keys, $values) { - return "REPLACE INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")"; + return "REPLACE INTO ".$table." (`".implode('`, `', $keys)."`) VALUES (".implode(', ', $values).")"; } // -------------------------------------------------------------------- @@ -569,7 +569,7 @@ class CI_DB_mysql_driver extends CI_DB { */ function _insert_batch($table, $keys, $values) { - return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES ".implode(', ', $values); + return "INSERT INTO ".$table." (`".implode('`, `', $keys)."`) VALUES ".implode(', ', $values); } // -------------------------------------------------------------------- @@ -592,7 +592,7 @@ class CI_DB_mysql_driver extends CI_DB { { foreach($values as $key => $val) { - $valstr[] = $key." = ".$val; + $valstr[] = sprintf('`%s` = %s', $key, $val); } $limit = ( ! $limit) ? '' : ' LIMIT '.$limit; diff --git a/user_guide/changelog.html b/user_guide/changelog.html index cd728226b..0aac5aec5 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -74,6 +74,7 @@ Hg Tag: n/a</p> <h3>Bug fixes for 2.0.1</h3> <ul> <li class="reactor">CLI requests can now be run from any folder, not just when CD'ed next to index.php.</li> + <li class="reactor">MySQL Driver will now wrap field names for insert(), update() and replace() with backticks (`) so fields like "default" and "order" will not cause SQL errors.</li> </ul> <h2>Version 2.0.0</h2> |