authorAndrey Andreev <narf@bofh.bg>2012-07-17 23:46:33 +0200
committerAndrey Andreev <narf@bofh.bg>2012-07-17 23:46:33 +0200
commit6e7047576338e896a43a35eb2fa79136adc01d8d (patch)
tree70afe45c9ce42390ebc1df213efe27be64fd7f34 /system/database/DB_driver.php
parent4253d320e229150eab6e5d0333508c85e434f3e3 (diff)
Fix WHERE escaping/prefixing
Diffstat (limited to 'system/database/DB_driver.php')
-rw-r--r--system/database/DB_driver.php17
1 files changed, 15 insertions, 2 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index d63a1d955..b7c6b4e8e 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1168,8 +1168,21 @@ abstract class CI_DB_driver {
*/
protected function _get_operator($str)
{
- return preg_match('/(=|!|<|>| IS NULL| IS NOT NULL| BETWEEN)/i', $str, $match)
- ? $match[1] : FALSE;
+ static $_operators = array(
+ '\s*(?:<|>|!)?=\s*', // =, <=, >=, !=
+ '\s*<>?\s*', // <, <>
+ '\s*>\s*', // >
+ '\s+IS NULL', // IS NULL
+ '\s+IS NOT NULL', // IS NOT NULL
+ '\s+LIKE\s+', // LIKE
+ '\s+NOT LIKE\s+', // NOT LIKE
+ '\s+BETWEEN\s+\S+\s+AND\s+\S+', // BETWEEN value AND value
+ '\s+IN\s*\([^\)]+\)', // IN(list)
+ '\s+NOT IN\s*\([^\)]+\)' // NOT IN (list)
+ );
+
+ return preg_match('/'.implode('|', $_operators).'/i', $str, $match)
+ ? $match[0] : FALSE;
}
// --------------------------------------------------------------------
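Review bot: The `BETWEEN` and `IN` alternatives capture their operands with `\S+` and `[^\)]+`, so the match stops at the first whitespace or closing parenthesis inside a value. A quoted operand containing a space (a datetime, for example), or an `IN` list holding a literal `)` or a nested function call, is matched only in part or not at all, and because the function now returns `$match[0]` the caller receives that truncated text as the operator. How callers treat the unmatched remainder is outside this hunk, but since this code decides what gets escaped and prefixed in a WHERE clause, the limit should be stated where the patterns are defined, e.g. `// NOTE: BETWEEN/IN operands are matched only up to the first whitespace or ')'` above the array. The docblock that closes just above the signature starts outside the hunk; it should be checked so that it describes the new return value (whole match including surrounding whitespace and operands) rather than the bare operator.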