diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-06-17 16:29:57 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-06-17 16:29:57 +0200 |
commit | 929fd2d52beb779e46681d35f8ff138aa65cb8df (patch) | |
tree | eaad2c75479b83b47f85318e79c97731f1684ed6 /system/database/DB_query_builder.php | |
parent | d1cace76965f71107aca63df1057b98df8d3b85a (diff) |
Improve escaping, support for table names with spaces and fix where() for strings with no spaces around operators
Diffstat (limited to 'system/database/DB_query_builder.php')
-rw-r--r-- | system/database/DB_query_builder.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 531ca9eb7..27f9f363b 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -459,8 +459,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { $prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) ? '' : $type; - $k = $this->_has_operator($k) - ? $this->protect_identifiers(substr($k, 0, strpos(rtrim($k), ' ')), FALSE, $escape).strchr(rtrim($k), ' ') + $k = (($op = $this->_get_operator($k)) !== FALSE) + ? $this->protect_identifiers(substr($k, 0, strpos($k, $op)), FALSE, $escape).strstr($k, $op) : $this->protect_identifiers($k, FALSE, $escape); if (is_null($v) && ! $this->_has_operator($k)) |