summaryrefslogtreecommitdiffstats
path: root/system/database
diff options
context:
space:
mode:
authorPhil Sturgeon <email@philsturgeon.co.uk>2011-09-24 15:30:15 +0200
committerPhil Sturgeon <email@philsturgeon.co.uk>2011-09-24 15:30:15 +0200
commit66575267c85ef469a134b1d2eab5275bf24c7a27 (patch)
treedf684d043b4303b1cabdd18b56e49aa2907207de /system/database
parentd26133be24eef68b1bead61e7e808f4424a71a0a (diff)
parentdc46d99fe8ab2058df15c6a7608e5ae41ffffb2b (diff)
Merge pull request #487 from narfbg/ci-issue-82
Escape WHERE clause field names in the DB update_string() method (Issue #82)
Diffstat (limited to 'system/database')
-rw-r--r--system/database/DB_driver.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 300ca2977..12c0530c5 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -950,6 +950,7 @@ class CI_DB_driver {
foreach ($where as $key => $val)
{
$prefix = (count($dest) == 0) ? '' : ' AND ';
+ $key = $this->_protect_identifiers($key);
if ($val !== '')
{
@@ -1390,4 +1391,4 @@ class CI_DB_driver {
/* End of file DB_driver.php */
-/* Location: ./system/database/DB_driver.php */ \ No newline at end of file
+/* Location: ./system/database/DB_driver.php */