diff options
author | clawoo <alin.claudiu.radut@gmail.com> | 2014-10-20 14:28:08 +0200 |
---|---|---|
committer | clawoo <alin.claudiu.radut@gmail.com> | 2014-10-20 14:28:08 +0200 |
commit | 4a4f5509832412aff3a6fb571d8be2454733e98b (patch) | |
tree | 03dd9a10fc5711a4c74cca063e63162537913476 /system/database/DB_driver.php | |
parent | a779c48da5643ea710da7fc0941a80629a196acf (diff) |
Escape the array elements separately and join them in compile_binds()
Diffstat (limited to 'system/database/DB_driver.php')
-rw-r--r-- | system/database/DB_driver.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 094356965..fc1d9566c 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -922,7 +922,12 @@ abstract class CI_DB_driver { do { $c--; - $sql = substr_replace($sql, $this->escape($binds[$c]), $matches[0][$c][1], $ml); + $escaped_value = $this->escape($binds[$c]); + if (is_array($escaped_value)) + { + $escaped_value = '('.implode(',', $escaped_value).')'; + } + $sql = substr_replace($sql, $escaped_value, $matches[0][$c][1], $ml); } while ($c !== 0); @@ -995,7 +1000,7 @@ abstract class CI_DB_driver { if (is_array($str)) { $str = array_map(array(&$this, 'escape'), $str); - return '('.implode(',', $str).')'; + return $str; } elseif (is_string($str) OR (is_object($str) && method_exists($str, '__toString'))) { |