summaryrefslogtreecommitdiffstats
path: root/system/database/DB_driver.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-06-10 06:05:05 +0200
committerAndrey Andreev <narf@bofh.bg>2012-06-10 06:05:05 +0200
commitbf94058d537efc78ed2df7009db8b3261ff44619 (patch)
treea98926fa75298cd35ea5f1f9c4fe444125ea746a /system/database/DB_driver.php
parent5a257187c4ca09ea61c19999bf061cec3f224cc2 (diff)
Fix issue #1452
Diffstat (limited to 'system/database/DB_driver.php')
-rw-r--r--system/database/DB_driver.php51
1 files changed, 38 insertions, 13 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index f5a7e2ac0..e34021e50 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1300,38 +1300,63 @@ abstract class CI_DB_driver {
$escaped_array = array();
foreach ($item as $k => $v)
{
- $escaped_array[$this->protect_identifiers($k)] = $this->protect_identifiers($v);
+ $escaped_array[$this->protect_identifiers($k)] = $this->protect_identifiers($v, $prefix_single, $protect_identifiers, $field_exists);
}
return $escaped_array;
}
+ // This is basically a bug fix for queries that use MAX, MIN, etc.
+ // If a parenthesis is found we know that we do not need to
+ // escape the data or add a prefix. There's probably a more graceful
+ // way to deal with this, but I'm not thinking of it -- Rick
+ if (strpos($item, '(') !== FALSE)
+ {
+ return $item.$alias;
+ }
+
// Convert tabs or multiple spaces into single spaces
$item = preg_replace('/\s+/', ' ', $item);
+ static $preg_ec = array();
+
+ if (empty($preg_ec))
+ {
+ if (is_array($this->_escape_char))
+ {
+ $preg_ec = array(preg_quote($this->_escape_char[0]), preg_quote($this->_escape_char[1]));
+ }
+ else
+ {
+ $preg_ec[0] = $preg_ec[1] = preg_quote($this->_escape_char);
+ }
+ }
+
// If the item has an alias declaration we remove it and set it aside.
// Basically we remove everything to the right of the first space
- if (preg_match('/^([^\s]+) (AS )*(.+)$/i', $item, $matches))
+ preg_match('/^(('.$preg_ec[0].'[^'.$preg_ec[1].']+'.$preg_ec[1].')|([^'.$preg_ec[0].'][^\s]+))( AS)*(.+)*$/i', 'Test table]', $matches);
+
+ if (isset($matches[4]))
{
$item = $matches[1];
- // Escape the alias
- $alias = ' '.$matches[2].$this->escape_identifiers($matches[3]);
+ // Escape the alias, if needed
+ if ($protect_identifiers === TRUE)
+ {
+ $alias = empty($matches[5])
+ ? ' '.$this->escape_identifiers(ltrim($matches[4]))
+ : $matches[4].' '.$this->escape_identifiers(ltrim($matches[5]));
+ }
+ else
+ {
+ $alias = $matches[4].$matches[5];
+ }
}
else
{
$alias = '';
}
- // This is basically a bug fix for queries that use MAX, MIN, etc.
- // If a parenthesis is found we know that we do not need to
- // escape the data or add a prefix. There's probably a more graceful
- // way to deal with this, but I'm not thinking of it -- Rick
- if (strpos($item, '(') !== FALSE)
- {
- return $item.$alias;
- }
-
// Break the string apart if it contains periods, then insert the table prefix
// in the correct location, assuming the period doesn't indicate that we're dealing
// with an alias. While we're at it, we will escape the components