diff options
author | clawoo <alin.claudiu.radut@gmail.com> | 2014-10-18 13:47:04 +0200 |
---|---|---|
committer | clawoo <alin.claudiu.radut@gmail.com> | 2014-10-18 13:47:04 +0200 |
commit | a779c48da5643ea710da7fc0941a80629a196acf (patch) | |
tree | 7aa5fee3f9a39b27937772d4c3cea6bfc0179a7a /system | |
parent | 58743d7492234272d9a0cb14117415b461cd6e8b (diff) |
Escape arrays sent as binding values for database queries.
Diffstat (limited to 'system')
-rw-r--r-- | system/database/DB_driver.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 62cea758e..094356965 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -992,7 +992,12 @@ abstract class CI_DB_driver { */ public function escape($str) { - if (is_string($str) OR (is_object($str) && method_exists($str, '__toString'))) + if (is_array($str)) + { + $str = array_map(array(&$this, 'escape'), $str); + return '('.implode(',', $str).')'; + } + elseif (is_string($str) OR (is_object($str) && method_exists($str, '__toString'))) { return "'".$this->escape_str($str)."'"; } |