author | Greg Aker <greg.aker@ellislab.com> | 2011-04-20 23:03:04 +0200 |
---|---|---|
committer | Greg Aker <greg.aker@ellislab.com> | 2011-04-20 23:03:04 +0200 |
commit | e156c6eb4a018a91d3cfcaa2d1fd3b3e67dc2808 (patch) | |
tree | 1ce43f2ddb909e3ea5945f365f771953f7a3cfe2 /system/database | |
parent | e5c8812f4165bf145e550a2f4c0354685c5bdb74 (diff) |
Fixed a bug (Core #340) where passing the second parameter to $this->db->select() caused column names in subsequent queries not to be properly escaped.
Diffstat (limited to 'system/database')
-rw-r--r-- | system/database/DB_active_rec.php | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php
index db8471364..9ceac0b76 100644
--- a/system/database/DB_active_rec.php
+++ b/system/database/DB_active_rec.php
@@ -58,6 +58,8 @@ class CI_DB_active_record extends CI_DB_driver { var $ar_cache_having = array(); var $ar_cache_orderby = array(); var $ar_cache_set = array(); + + var $ar_no_escape = array(); // --------------------------------------------------------------------
@@ -73,12 +75,6 @@ class CI_DB_active_record extends CI_DB_driver { */ function select($select = '*', $escape = NULL) { - // Set the global value if this was sepecified - if (is_bool($escape)) - { - $this->_protect_identifiers = $escape; - } - if (is_string($select)) { $select = explode(',', $select);
@@ -91,6 +87,7 @@ class CI_DB_active_record extends CI_DB_driver { if ($val != '') { $this->ar_select[] = $val; + $this->ar_no_escape[] = $escape; if ($this->ar_caching === TRUE) {
@@ -441,10 +438,10 @@ class CI_DB_active_record extends CI_DB_driver { $v = ' '.$this->escape($v); } - + if ( ! $this->_has_operator($k)) { - $k .= ' ='; + $k .= ' = '; } } else
@@ -1718,7 +1715,7 @@ class CI_DB_active_record extends CI_DB_driver { // is because until the user calls the from() function we don't know if there are aliases foreach ($this->ar_select as $key => $val) { - $this->ar_select[$key] = $this->_protect_identifiers($val); + $this->ar_select[$key] = $this->_protect_identifiers($val, FALSE, $this->ar_no_escape[$key]); } $sql .= implode(', ', $this->ar_select);
@@ -1753,9 +1750,7 @@ class CI_DB_active_record extends CI_DB_driver { if (count($this->ar_where) > 0 OR count($this->ar_like) > 0) { - $sql .= "\n"; - - $sql .= "WHERE "; + $sql .= "\nWHERE "; } $sql .= implode("\n", $this->ar_where); 
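Review bot: The new `$ar_no_escape` property in the hunk at -58 has no comment, and its name reads as the inverse of what it stores: the hunk at -91 pushes the raw `$escape` argument into it, so a `FALSE` entry is the one that switches protection off. A one-line comment would prevent a later maintainer from flipping the test, for example `// $escape flag passed to select() for each entry of $ar_select, same index; FALSE = emit the column without identifier protection`. The surrounding `ar_cache_*` declarations are uncommented too, but this array is the only one whose meaning depends on staying index-aligned with another.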
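Review bot: `$this->ar_no_escape[] = $escape;` in the hunk at -91 keeps the flag index-for-index with `ar_select`, but the caching branch that opens on the next line gets no counterpart, and the property block in the first hunk adds no cache array for it beside the other `ar_cache_*` members. If cached select entries are later merged back into `ar_select` (that code is outside this diff, so this needs confirming), the two arrays stop lining up and a column can inherit another column's flag. A column name the caller expected to be quoted could then be emitted raw. Carry the flag with the cached entry, e.g. `$this->ar_cache_no_escape[] = $escape;` inside the caching branch, merged wherever `ar_cache_select` is merged, or store column and flag together in one array element. select() begins and ends outside this hunk.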
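Review bot: `$this->ar_no_escape[$key]` is read without an existence check in the `foreach` over `ar_select` in the hunk at -1718. In this commit only select() pushes onto `ar_no_escape`, so an `ar_select` entry added by any other path (none is visible here, so this is an assumption to verify) would raise an undefined-index notice and pass `NULL` as the third argument. Guard the lookup with `$no_escape = isset($this->ar_no_escape[$key]) ? $this->ar_no_escape[$key] : NULL;` and pass `$no_escape` instead. It is also worth a comment stating what `NULL` means to `_protect_identifiers()`, since that decides whether such a column is quoted. The enclosing function starts and ends outside the hunk.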
@@ -2032,6 +2027,7 @@ class CI_DB_active_record extends CI_DB_driver { 'ar_orderby' => array(), 'ar_wherein' => array(), 'ar_aliased_tables' => array(), + 'ar_no_escape' => array(), 'ar_distinct' => FALSE, 'ar_limit' => FALSE, 'ar_offset' => FALSE, |