summaryrefslogtreecommitdiffstats
path: root/system/database
diff options
context:
space:
mode:
authorclawoo <alin.claudiu.radut@gmail.com>2014-10-18 13:47:04 +0200
committerclawoo <alin.claudiu.radut@gmail.com>2014-10-18 13:47:04 +0200
commita779c48da5643ea710da7fc0941a80629a196acf (patch)
tree7aa5fee3f9a39b27937772d4c3cea6bfc0179a7a /system/database
parent58743d7492234272d9a0cb14117415b461cd6e8b (diff)
Escape arrays sent as binding values for database queries.
Diffstat (limited to 'system/database')
-rw-r--r--system/database/DB_driver.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 62cea758e..094356965 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -992,7 +992,12 @@ abstract class CI_DB_driver {
*/
public function escape($str)
{
- if (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))
+ if (is_array($str))
+ {
+ $str = array_map(array(&$this, 'escape'), $str);
+ return '('.implode(',', $str).')';
+ }
+ elseif (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))
{
return "'".$this->escape_str($str)."'";
}