summaryrefslogtreecommitdiffstats
path: root/system/database/DB_driver.php
diff options
context:
space:
mode:
authorTimothy Warren <tim@timshomepage.net>2012-06-12 13:45:45 +0200
committerTimothy Warren <tim@timshomepage.net>2012-06-12 13:45:45 +0200
commitb30a7c0d53c5dae5dab2311f777d67f639a5cee4 (patch)
treed518bc938a5d8458a55277d9adaa7d8fdcc9f1d3 /system/database/DB_driver.php
parent3902e383b41c6c0ef77b65e95d451cb2ea3d85db (diff)
parent4e9538fe19b09c0dc588542cfb7f793348b83bf7 (diff)
Merge upstream
Diffstat (limited to 'system/database/DB_driver.php')
-rw-r--r--system/database/DB_driver.php121
1 files changed, 77 insertions, 44 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 39c19cdf7..88a3b388f 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -596,35 +596,27 @@ abstract class CI_DB_driver {
*/
public function compile_binds($sql, $binds)
{
- if (strpos($sql, $this->bind_marker) === FALSE)
+ if (preg_match_all('/(>|<|=|!)\s*('.preg_quote($this->bind_marker).')/i', $sql, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE) !== count($binds))
{
return $sql;
}
-
- if ( ! is_array($binds))
+ elseif ( ! is_array($binds))
{
$binds = array($binds);
}
-
- // Get the sql segments around the bind markers
- $segments = explode($this->bind_marker, $sql);
-
- // The count of bind should be 1 less then the count of segments
- // If there are more bind arguments trim it down
- if (count($binds) >= count($segments))
+ else
{
- $binds = array_slice($binds, 0, count($segments)-1);
+ // Make sure we're using numeric keys
+ $binds = array_values($binds);
}
- // Construct the binded query
- $result = $segments[0];
- $i = 0;
- foreach ($binds as $bind)
+
+ for ($i = count($matches) - 1; $i >= 0; $i--)
{
- $result .= $this->escape($bind).$segments[++$i];
+ $sql = substr_replace($sql, $this->escape($binds[$i]), $matches[$i][2][1], 1);
}
- return $result;
+ return $sql;
}
// --------------------------------------------------------------------
@@ -934,8 +926,8 @@ abstract class CI_DB_driver {
*
* This function escapes column and table names
*
- * @param string
- * @return string
+ * @param mixed
+ * @return mixed
*/
public function escape_identifiers($item)
{
@@ -943,25 +935,39 @@ abstract class CI_DB_driver {
{
return $item;
}
-
- foreach ($this->_reserved_identifiers as $id)
+ elseif (is_array($item))
{
- if (strpos($item, '.'.$id) !== FALSE)
+ foreach ($item as $key => $value)
{
- $item = str_replace('.', $this->_escape_char.'.', $item);
+ $item[$key] = $this->escape_identifiers($value);
+ }
+
+ return $item;
+ }
+
+ static $preg_ec = array();
- // remove duplicates if the user already included the escape
- return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item);
+ if (empty($preg_ec))
+ {
+ if (is_array($this->_escape_char))
+ {
+ $preg_ec = array(preg_quote($this->_escape_char[0]), preg_quote($this->_escape_char[1]));
+ }
+ else
+ {
+ $preg_ec[0] = $preg_ec[1] = preg_quote($this->_escape_char);
}
}
- if (strpos($item, '.') !== FALSE)
+ foreach ($this->_reserved_identifiers as $id)
{
- $item = str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item);
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ return preg_replace('/'.$preg_ec[0].'?([^'.$preg_ec[1].'\.]+)'.$preg_ec[1].'?\./i', $preg_ec[0].'$1'.$preg_ec[1].'.', $item);
+ }
}
- // remove duplicates if the user already included the escape
- return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item.$this->_escape_char);
+ return preg_replace('/'.$preg_ec[0].'?([^'.$preg_ec[1].'\.]+)'.$preg_ec[1].'?(\.)?/i', $preg_ec[0].'$1'.$preg_ec[1].'$2', $item);
}
// --------------------------------------------------------------------
@@ -1048,7 +1054,7 @@ abstract class CI_DB_driver {
*/
protected function _has_operator($str)
{
- return (bool) preg_match('/(\s|<|>|!|=|IS NULL|IS NOT NULL)/i', trim($str));
+ return (bool) preg_match('/(\s|<|>|!|=|IS NULL|IS NOT NULL|BETWEEN)/i', trim($str));
}
// --------------------------------------------------------------------
@@ -1286,36 +1292,63 @@ abstract class CI_DB_driver {
$escaped_array = array();
foreach ($item as $k => $v)
{
- $escaped_array[$this->protect_identifiers($k)] = $this->protect_identifiers($v);
+ $escaped_array[$this->protect_identifiers($k)] = $this->protect_identifiers($v, $prefix_single, $protect_identifiers, $field_exists);
}
return $escaped_array;
}
+ // This is basically a bug fix for queries that use MAX, MIN, etc.
+ // If a parenthesis is found we know that we do not need to
+ // escape the data or add a prefix. There's probably a more graceful
+ // way to deal with this, but I'm not thinking of it -- Rick
+ if (strpos($item, '(') !== FALSE)
+ {
+ return $item;
+ }
+
// Convert tabs or multiple spaces into single spaces
- $item = preg_replace('/[\t ]+/', ' ', $item);
+ $item = preg_replace('/\s+/', ' ', $item);
+
+ static $preg_ec = array();
+
+ if (empty($preg_ec))
+ {
+ if (is_array($this->_escape_char))
+ {
+ $preg_ec = array(preg_quote($this->_escape_char[0]), preg_quote($this->_escape_char[1]));
+ }
+ else
+ {
+ $preg_ec[0] = $preg_ec[1] = preg_quote($this->_escape_char);
+ }
+ }
// If the item has an alias declaration we remove it and set it aside.
// Basically we remove everything to the right of the first space
- if (strpos($item, ' ') !== FALSE)
+ preg_match('/^(('.$preg_ec[0].'[^'.$preg_ec[1].']+'.$preg_ec[1].')|([^'.$preg_ec[0].'][^\s]+))( AS)*(.+)*$/i', $item, $matches);
+
+ if (isset($matches[4]))
{
- $alias = strstr($item, ' ');
- $item = substr($item, 0, - strlen($alias));
+ $item = $matches[1];
+
+ // Escape the alias, if needed
+ if ($protect_identifiers === TRUE)
+ {
+ $alias = empty($matches[5])
+ ? ' '.$this->escape_identifiers(ltrim($matches[4]))
+ : $matches[4].' '.$this->escape_identifiers(ltrim($matches[5]));
+ }
+ else
+ {
+ $alias = $matches[4].$matches[5];
+ }
}
else
{
$alias = '';
}
- // This is basically a bug fix for queries that use MAX, MIN, etc.
- // If a parenthesis is found we know that we do not need to
- // escape the data or add a prefix. There's probably a more graceful
- // way to deal with this, but I'm not thinking of it -- Rick
- if (strpos($item, '(') !== FALSE)
- {
- return $item.$alias;
- }
-
// Break the string apart if it contains periods, then insert the table prefix
// in the correct location, assuming the period doesn't indicate that we're dealing
// with an alias. While we're at it, we will escape the components