diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-06-16 02:21:20 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-06-16 02:21:20 +0200 |
commit | d24160cc4348c32c0c1ec7350e2e2dada2c9291a (patch) | |
tree | 7dacad909a11f01ffeb9342ece8cdc6f85ccdc17 /system/database/DB_query_builder.php | |
parent | 0140ddd510edffb901b98de6b80676ece183760c (diff) |
Changed order_by() default escaping to _protect_identifiers
Diffstat (limited to 'system/database/DB_query_builder.php')
-rw-r--r-- | system/database/DB_query_builder.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 486fda963..5eb6bbb4e 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -967,7 +967,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool enable field name escaping * @return object */ - public function order_by($orderby, $direction = '', $escape = TRUE) + public function order_by($orderby, $direction = '', $escape = NULL) { if (strtolower($direction) === 'random') { @@ -979,8 +979,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $direction = in_array(strtoupper(trim($direction)), array('ASC', 'DESC'), TRUE) ? ' '.$direction : ' ASC'; } + is_bool($escape) OR $escape = $this->_protect_identifiers; - if ((strpos($orderby, ',') !== FALSE) && $escape === TRUE) + if ($escape === TRUE && strpos($orderby, ',') !== FALSE) { $temp = array(); foreach (explode(',', $orderby) as $part) |