diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-04-06 20:41:58 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-04-06 20:41:58 +0200 |
commit | d1587defeb0304755d9a937aa688ee82098de246 (patch) | |
tree | 54904c545b9d6054d49df8f1cbb0fb8f28727495 /system/database/DB_driver.php | |
parent | fd9e46e852d073ae6fb8680f26e9825805104e1c (diff) | |
parent | ea09a8a5552f2aacdeab0c88a605fe44047ebd0a (diff) |
Merge upstream branch
Diffstat (limited to 'system/database/DB_driver.php')
-rw-r--r-- | system/database/DB_driver.php | 47 |
1 files changed, 41 insertions, 6 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 45f17e8ec..8b030af77 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -407,8 +407,6 @@ abstract class CI_DB_driver { $driver = $this->load_rdriver(); $RES = new $driver($this); - $RES->num_rows = $RES->num_rows(); - // Is query caching enabled? If so, we'll serialize the // result object and save it to a cache file. if ($this->cache_on == TRUE && $this->_cache_init()) @@ -903,6 +901,43 @@ abstract class CI_DB_driver { // -------------------------------------------------------------------- /** + * Escape the SQL Identifiers + * + * This function escapes column and table names + * + * @param string + * @return string + */ + public function escape_identifiers($item) + { + if ($this->_escape_char == '') + { + return $item; + } + + foreach ($this->_reserved_identifiers as $id) + { + if (strpos($item, '.'.$id) !== FALSE) + { + $item = str_replace('.', $this->_escape_char.'.', $item); + + // remove duplicates if the user already included the escape + return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item); + } + } + + if (strpos($item, '.') !== FALSE) + { + $item = str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item); + } + + // remove duplicates if the user already included the escape + return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item.$this->_escape_char); + } + + // -------------------------------------------------------------------- + + /** * Generate an insert string * * @param string the table upon which the query will be performed @@ -915,7 +950,7 @@ abstract class CI_DB_driver { foreach ($data as $key => $val) { - $fields[] = $this->_escape_identifiers($key); + $fields[] = $this->escape_identifiers($key); $values[] = $this->escape($val); } @@ -1256,7 +1291,7 @@ abstract class CI_DB_driver { { if ( ! in_array($val, $this->_reserved_identifiers)) { - $parts[$key] = $this->_escape_identifiers($val); + $parts[$key] = $this->escape_identifiers($val); } } @@ -1313,7 +1348,7 @@ abstract class CI_DB_driver { if ($protect_identifiers === TRUE) { - $item = $this->_escape_identifiers($item); + $item = $this->escape_identifiers($item); } return $item.$alias; @@ -1336,7 +1371,7 @@ abstract class CI_DB_driver { if ($protect_identifiers === TRUE && ! in_array($item, $this->_reserved_identifiers)) { - $item = $this->_escape_identifiers($item); + $item = $this->escape_identifiers($item); } return $item.$alias; |