diff options
| author | Andrey Andreev <narf@bofh.bg> | 2012-04-06 20:10:40 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@bofh.bg> | 2012-04-06 20:10:40 +0200 |
| commit | fcdfcf9d8808c89e137ecce14b40936cffd99e83 (patch) | |
| tree | 6887654802b9e228486720b69b74bb362e60033e /system/database/DB_driver.php | |
| parent | fd105ab7f05e64c0d9188e43c6fd6a2bb2c6cf7f (diff) | |
| parent | ea09a8a5552f2aacdeab0c88a605fe44047ebd0a (diff) | |
Merge upstream branch
Diffstat (limited to 'system/database/DB_driver.php')
| -rw-r--r-- | system/database/DB_driver.php | 45 |
1 files changed, 41 insertions, 4 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index dea705054..8b030af77 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -901,6 +901,43 @@ abstract class CI_DB_driver { // -------------------------------------------------------------------- /** + * Escape the SQL Identifiers + * + * This function escapes column and table names + * + * @param string + * @return string + */ + public function escape_identifiers($item) + { + if ($this->_escape_char == '') + { + return $item; + } + + foreach ($this->_reserved_identifiers as $id) + { + if (strpos($item, '.'.$id) !== FALSE) + { + $item = str_replace('.', $this->_escape_char.'.', $item); + + // remove duplicates if the user already included the escape + return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item); + } + } + + if (strpos($item, '.') !== FALSE) + { + $item = str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item); + } + + // remove duplicates if the user already included the escape + return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item.$this->_escape_char); + } + + // -------------------------------------------------------------------- + + /** * Generate an insert string * * @param string the table upon which the query will be performed @@ -913,7 +950,7 @@ abstract class CI_DB_driver { foreach ($data as $key => $val) { - $fields[] = $this->_escape_identifiers($key); + $fields[] = $this->escape_identifiers($key); $values[] = $this->escape($val); } @@ -1254,7 +1291,7 @@ abstract class CI_DB_driver { { if ( ! in_array($val, $this->_reserved_identifiers)) { - $parts[$key] = $this->_escape_identifiers($val); + $parts[$key] = $this->escape_identifiers($val); } } @@ -1311,7 +1348,7 @@ abstract class CI_DB_driver { if ($protect_identifiers === TRUE) { - $item = $this->_escape_identifiers($item); + $item = $this->escape_identifiers($item); } return $item.$alias; @@ -1334,7 +1371,7 @@ abstract class CI_DB_driver { if ($protect_identifiers === TRUE && ! in_array($item, $this->_reserved_identifiers)) { - $item = $this->_escape_identifiers($item); + $item = $this->escape_identifiers($item); } return $item.$alias; |