diff options
| author | Andrey Andreev <narf@bofh.bg> | 2011-09-24 15:25:23 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@bofh.bg> | 2011-09-24 15:25:23 +0200 |
| commit | dc46d99fe8ab2058df15c6a7608e5ae41ffffb2b (patch) | |
| tree | df684d043b4303b1cabdd18b56e49aa2907207de | |
| parent | d26133be24eef68b1bead61e7e808f4424a71a0a (diff) | |
Escape WHERE clause field names in the DB update_string() method
| -rw-r--r-- | system/database/DB_driver.php | 3 | ||||
| -rw-r--r-- | user_guide/changelog.html | 1 |
2 files changed, 3 insertions, 1 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 300ca2977..12c0530c5 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -950,6 +950,7 @@ class CI_DB_driver { foreach ($where as $key => $val) { $prefix = (count($dest) == 0) ? '' : ' AND '; + $key = $this->_protect_identifiers($key); if ($val !== '') { @@ -1390,4 +1391,4 @@ class CI_DB_driver { /* End of file DB_driver.php */ -/* Location: ./system/database/DB_driver.php */
\ No newline at end of file +/* Location: ./system/database/DB_driver.php */ diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 7ff2af2f5..50875abf1 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -132,6 +132,7 @@ Change Log <li>Fixed a bug (#344) - Using schema found in <a href="libraries/sessions.html">Saving Session Data to a Database</a>, system would throw error "user_data does not have a default value" when deleting then creating a session.</li> <li>Fixed a bug (#112) - OCI8 (Oracle) driver didn't pass the configured database character set when connecting.</li> <li>Fixed a bug (#182) - OCI8 (Oracle) driver used to re-execute the statement whenever num_rows() is called.</li> + <li>Fixed a bug (#82) - WHERE clause field names in the DB <samp>update_string()</samp> method were not escaped, resulting in failed queries in some cases.</li> </ul> <h2>Version 2.0.3</h2> |