diff options
author | Derek Allard <derek.allard@ellislab.com> | 2008-12-15 15:08:35 +0100 |
---|---|---|
committer | Derek Allard <derek.allard@ellislab.com> | 2008-12-15 15:08:35 +0100 |
commit | 911d3e0fdd26ebdcb7c862a2a39ddcaef935d6f7 (patch) | |
tree | 2f3c48275de7ca06073508c956f94befd45066b2 /system/database | |
parent | 01e2009209aaa28fc4b57308b49c7f041fe61ac7 (diff) |
Fixed a bug in database escaping where a compound statement (ie: SUM()) wasn't handled correctly with database prefixes.
Diffstat (limited to 'system/database')
-rw-r--r-- | system/database/DB_driver.php | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 4293acc91..fde0a435f 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1204,11 +1204,20 @@ class CI_DB_driver { // Basically we remove everything to the right of the first space $alias = ''; if (strpos($item, ' ') !== FALSE) - { + { $alias = strstr($item, " "); $item = substr($item, 0, - strlen($alias)); } + // This is basically a bug fix for queries that use MAX, MIN, etc. + // If a parenthesis is found we know that we do not need to + // escape the data or add a prefix. There's probably a more graceful + // way to deal with this, but I'm not thinking of it -- Rick + if (strpos($item, '(') !== FALSE) + { + return $item.$alias; + } + // Break the string apart if it contains periods, then insert the table prefix // in the correct location, assuming the period doesn't indicate that we're dealing // with an alias. While we're at it, we will escape the components @@ -1220,7 +1229,7 @@ class CI_DB_driver { // one of the aliases previously identified? If so, // we have nothing more to do other than escape the item if (in_array($parts[0], $this->ar_aliased_tables)) - { + { if ($protect_identifiers === TRUE) { foreach ($parts as $key => $val) @@ -1284,15 +1293,6 @@ class CI_DB_driver { return $item.$alias; } - // This is basically a bug fix for queries that use MAX, MIN, etc. - // If a parenthesis is found we know that we do not need to - // escape the data or add a prefix. There's probably a more graceful - // way to deal with this, but I'm not thinking of it -- Rick - if (strpos($item, '(') !== FALSE) - { - return $item.$alias; - } - // Is there a table prefix? If not, no need to insert it if ($this->dbprefix != '') { |