author | Rick Ellis <rick.ellis@ellislab.com> | 2008-09-30 21:53:52 +0200 |
---|---|---|
committer | Rick Ellis <rick.ellis@ellislab.com> | 2008-09-30 21:53:52 +0200 |
commit | 52dc8ca4372eb36e9186cef0e34bf0cafe5b1cd8 (patch) | |
tree | 3ac539c147ee57fbc2d7d3c71fac2d1eff2ca241 /system/database | |
parent | fa5c4101d4dc171824e222d4650e0ad15409fce0 (diff) |
Added backticks to column names when using insert_string and update_string. Relates to this bug report: http://codeigniter.com/bug_tracker/bug/4509/
Diffstat (limited to 'system/database')
-rw-r--r-- | system/database/DB_driver.php | 5 | ||||
-rw-r--r-- | system/database/drivers/mssql/mssql_driver.php | 29 | ||||
-rw-r--r-- | system/database/drivers/mysql/mysql_driver.php | 16 | ||||
-rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 16 | ||||
-rw-r--r-- | system/database/drivers/oci8/oci8_driver.php | 17 | ||||
-rw-r--r-- | system/database/drivers/odbc/odbc_driver.php | 22 | ||||
-rw-r--r-- | system/database/drivers/postgre/postgre_driver.php | 18 | ||||
-rw-r--r-- | system/database/drivers/sqlite/sqlite_driver.php | 20 |
8 files changed, 124 insertions, 19 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 1450a0644..b937ffd6a 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -911,11 +911,10 @@ class CI_DB_driver { foreach($data as $key => $val)
{
- $fields[] = $key;
+ $fields[] = $this->_escape_column($key);
$values[] = $this->escape($val);
}
-
return $this->_insert($this->prep_tablename($table), $fields, $values);
}
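Review bot: The array keys of `$data` are now passed through `_escape_column()`, but nothing in this hunk (or in the update_string hunk that follows) states that keys are only identifier-quoted and never validated. Five of the seven driver implementations added in this commit return the name unchanged, so on those drivers a key still reaches the SQL text verbatim. I would add a line to both docblocks such as `* Note: array keys are used as column names and are not validated; do not build $data from request-supplied keys.` Both functions begin outside their hunks, so the existing docblock wording is not visible here.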
@@ -940,7 +939,7 @@ class CI_DB_driver { $fields = array();
foreach($data as $key => $val)
{
- $fields[$key] = $this->escape($val);
+ $fields[$this->_escape_column($key)] = $this->escape($val);
}
if ( ! is_array($where))
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 5ac90b451..9a912a320 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -390,7 +390,24 @@ class CI_DB_mssql_driver extends CI_DB { // Are error numbers supported?
return '';
}
-
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with MS SQL so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
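Review bot: The docblock says "This function adds backticks around supplied column name", but the body returns `$column` unchanged; the same copied description appears in the oci8, odbc, postgre and sqlite hunks. I would reword it per driver, e.g. `* Returns the column name unchanged; this driver does not quote identifiers`. The oci8 and postgre comments say "Probably not necessary", which suggests the behaviour for reserved-word column names on those databases was not verified, so the problem this commit addresses may remain there.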
@@ -405,15 +422,7 @@ class CI_DB_mssql_driver extends CI_DB { */
function _escape_table($table)
{
- // I don't believe this is necessary with MS SQL. Not sure, though. - Rick
-
- /*
- if (strpos($table, '.') !== FALSE)
- {
- $table = '"' . str_replace('.', '"."', $table) . '"';
- }
- */
-
+ // Not necessary with MS SQL so we simply return the value
return $table;
}
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 9d9b6512b..de372e669 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -398,6 +398,22 @@ class CI_DB_mysql_driver extends CI_DB { {
return mysql_errno($this->conn_id);
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ return '`' .$column. '`';
+ }
// --------------------------------------------------------------------
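Review bot: `_escape_column()` wraps the name in backticks without handling a backtick that is already inside `$column`, so a name containing one ends the quoted identifier early and the remainder is parsed as SQL. Doubling embedded backticks before wrapping keeps the name a single identifier: ``return '`'.str_replace('`', '``', $column).'`';``. The mysqli driver hunk adds the identical body and needs the same change. A qualified key such as `table.column` would also be quoted as one identifier, which may break callers that pass qualified names to update_string; that is worth confirming against existing usage.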
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index cd683dfe7..35a7fc077 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -394,6 +394,22 @@ class CI_DB_mysqli_driver extends CI_DB { {
return mysqli_errno($this->conn_id);
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ return '`' .$column. '`';
+ }
// --------------------------------------------------------------------
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 765c3f6c9..b45b00326 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -506,6 +506,23 @@ class CI_DB_oci8_driver extends CI_DB { $error = ocierror($this->conn_id);
return $error['code'];
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Probably not necessary with Oracle so we simply return the value
+ return $column;
+ }
// --------------------------------------------------------------------
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index f89000d83..ed8f81cb9 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -371,7 +371,23 @@ class CI_DB_odbc_driver extends CI_DB { {
return odbc_error($this->conn_id);
}
-
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with ODBC so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
@@ -386,9 +402,9 @@ class CI_DB_odbc_driver extends CI_DB { */
function _escape_table($table)
{
- // used to add backticks in other db drivers
+ // Not necessary with ODBC so we simply return the value
return $table;
- }
+ }
// --------------------------------------------------------------------
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index 7574ded13..3d006d3d6 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -391,7 +391,23 @@ class CI_DB_postgre_driver extends CI_DB { {
return '';
}
-
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Probably not necessary with Postgres so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php
index 5cac04dfa..46e0fae49 100644
--- a/system/database/drivers/sqlite/sqlite_driver.php
+++ b/system/database/drivers/sqlite/sqlite_driver.php
@@ -387,7 +387,24 @@ class CI_DB_sqlite_driver extends CI_DB { {
return sqlite_last_error($this->conn_id);
}
-
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with SQLite so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
@@ -402,7 +419,6 @@ class CI_DB_sqlite_driver extends CI_DB { */
function _escape_table($table)
{
-
// other database drivers use this to add backticks, hence this
// function is simply going to return the tablename for sqlite
return $table;