summaryrefslogtreecommitdiffstats
path: root/system/database
diff options
context:
space:
mode:
authorRick Ellis <rick.ellis@ellislab.com>2008-09-30 21:53:52 +0200
committerRick Ellis <rick.ellis@ellislab.com>2008-09-30 21:53:52 +0200
commit52dc8ca4372eb36e9186cef0e34bf0cafe5b1cd8 (patch)
tree3ac539c147ee57fbc2d7d3c71fac2d1eff2ca241 /system/database
parentfa5c4101d4dc171824e222d4650e0ad15409fce0 (diff)
Added backticks to column names when using insert_string and update_string. Relates to this bug report: http://codeigniter.com/bug_tracker/bug/4509/
Diffstat (limited to 'system/database')
-rw-r--r--system/database/DB_driver.php5
-rw-r--r--system/database/drivers/mssql/mssql_driver.php29
-rw-r--r--system/database/drivers/mysql/mysql_driver.php16
-rw-r--r--system/database/drivers/mysqli/mysqli_driver.php16
-rw-r--r--system/database/drivers/oci8/oci8_driver.php17
-rw-r--r--system/database/drivers/odbc/odbc_driver.php22
-rw-r--r--system/database/drivers/postgre/postgre_driver.php18
-rw-r--r--system/database/drivers/sqlite/sqlite_driver.php20
8 files changed, 124 insertions, 19 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 1450a0644..b937ffd6a 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -911,11 +911,10 @@ class CI_DB_driver {
foreach($data as $key => $val)
{
- $fields[] = $key;
+ $fields[] = $this->_escape_column($key);
$values[] = $this->escape($val);
}
-
return $this->_insert($this->prep_tablename($table), $fields, $values);
}
@@ -940,7 +939,7 @@ class CI_DB_driver {
$fields = array();
foreach($data as $key => $val)
{
- $fields[$key] = $this->escape($val);
+ $fields[$this->_escape_column($key)] = $this->escape($val);
}
if ( ! is_array($where))
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 5ac90b451..9a912a320 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -390,7 +390,24 @@ class CI_DB_mssql_driver extends CI_DB {
// Are error numbers supported?
return '';
}
-
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with MS SQL so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
@@ -405,15 +422,7 @@ class CI_DB_mssql_driver extends CI_DB {
*/
function _escape_table($table)
{
- // I don't believe this is necessary with MS SQL. Not sure, though. - Rick
-
- /*
- if (strpos($table, '.') !== FALSE)
- {
- $table = '"' . str_replace('.', '"."', $table) . '"';
- }
- */
-
+ // Not necessary with MS SQL so we simply return the value
return $table;
}
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 9d9b6512b..de372e669 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -398,6 +398,22 @@ class CI_DB_mysql_driver extends CI_DB {
{
return mysql_errno($this->conn_id);
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ return '`' .$column. '`';
+ }
// --------------------------------------------------------------------
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index cd683dfe7..35a7fc077 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -394,6 +394,22 @@ class CI_DB_mysqli_driver extends CI_DB {
{
return mysqli_errno($this->conn_id);
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ return '`' .$column. '`';
+ }
// --------------------------------------------------------------------
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 765c3f6c9..b45b00326 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -506,6 +506,23 @@ class CI_DB_oci8_driver extends CI_DB {
$error = ocierror($this->conn_id);
return $error['code'];
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Probably not necessary with Oracle so we simply return the value
+ return $column;
+ }
// --------------------------------------------------------------------
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index f89000d83..ed8f81cb9 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -371,7 +371,23 @@ class CI_DB_odbc_driver extends CI_DB {
{
return odbc_error($this->conn_id);
}
-
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with ODBC so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
@@ -386,9 +402,9 @@ class CI_DB_odbc_driver extends CI_DB {
*/
function _escape_table($table)
{
- // used to add backticks in other db drivers
+ // Not necessary with ODBC so we simply return the value
return $table;
- }
+ }
// --------------------------------------------------------------------
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index 7574ded13..3d006d3d6 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -391,7 +391,23 @@ class CI_DB_postgre_driver extends CI_DB {
{
return '';
}
-
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Probably not necessary with Postgres so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php
index 5cac04dfa..46e0fae49 100644
--- a/system/database/drivers/sqlite/sqlite_driver.php
+++ b/system/database/drivers/sqlite/sqlite_driver.php
@@ -387,7 +387,24 @@ class CI_DB_sqlite_driver extends CI_DB {
{
return sqlite_last_error($this->conn_id);
}
-
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with SQLite so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
@@ -402,7 +419,6 @@ class CI_DB_sqlite_driver extends CI_DB {
*/
function _escape_table($table)
{
-
// other database drivers use this to add backticks, hence this
// function is simply going to return the tablename for sqlite
return $table;