author | Andrey Andreev <narf@bofh.bg> | 2012-07-17 23:46:33 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-07-17 23:46:33 +0200 |
commit | 6e7047576338e896a43a35eb2fa79136adc01d8d (patch) | |
tree | 70afe45c9ce42390ebc1df213efe27be64fd7f34 /system/database/DB_driver.php | |
parent | 4253d320e229150eab6e5d0333508c85e434f3e3 (diff) |
Fix WHERE escaping/prefixing
Diffstat (limited to 'system/database/DB_driver.php')
-rw-r--r-- | system/database/DB_driver.php | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index d63a1d955..b7c6b4e8e 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1168,8 +1168,21 @@ abstract class CI_DB_driver {
 */
 protected function _get_operator($str)
 {
- return preg_match('/(=|!|<|>| IS NULL| IS NOT NULL| BETWEEN)/i', $str, $match)
- ? $match[1] : FALSE;
+ static $_operators = array(
+ '\s*(?:<|>|!)?=\s*', // =, <=, >=, !=
+ '\s*<>?\s*', // <, <>
+ '\s*>\s*', // >
+ '\s+IS NULL', // IS NULL
+ '\s+IS NOT NULL', // IS NOT NULL
+ '\s+LIKE\s+', // LIKE
+ '\s+NOT LIKE\s+', // NOT LIKE
+ '\s+BETWEEN\s+\S+\s+AND\s+\S+', // BETWEEN value AND value
+ '\s+IN\s*\([^\)]+\)', // IN(list)
+ '\s+NOT IN\s*\([^\)]+\)' // NOT IN (list)
+ );
+
+ return preg_match('/'.implode('|', $_operators).'/i', $str, $match)
+ ? $match[0] : FALSE;
 }
 
 // -------------------------------------------------------------------- |
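Review bot: The `IN`/`NOT IN` alternatives stop at the first closing parenthesis (`[^\)]+`) and the `BETWEEN` alternative takes `\S+` operands, so a list or bound with `)` or whitespace inside a quoted value, or a nested call, yields a `$match[0]` that ends in the middle of the expression. The callers are outside this hunk, but given the commit title they presumably use this return value to decide where the identifier ends and what gets escaped, so a partial match should be rejected rather than passed on. At minimum state the limit above the array, e.g. `// NOTE: IN/BETWEEN operands containing ')' or whitespace are only matched up to that character`. The return also changed from `$match[1]` to `$match[0]`, which now carries surrounding whitespace and, for `BETWEEN`/`IN`, the operands. The docblock that closes on the first context line starts outside the hunk and should say so. Separately, `'\s+NOT LIKE\s+'`, `'\s+NOT IN\s*\([^\)]+\)'` and `'\s+IS NOT NULL'` require exactly one literal space between keywords, unlike the `\s+` used elsewhere, so `NOT` followed by two spaces or a tab and then `LIKE` would be reported as plain `LIKE`.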