diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-06-10 13:35:07 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-06-10 13:35:07 +0200 |
commit | 9c14f650c86f54f950695e0c628b33a59d4dd10b (patch) | |
tree | f05db65759c907afe50e63cb19a078305f4fae81 /system | |
parent | b30426d50d84631201bcdc93439feaa37ce71df9 (diff) |
Fix _where() escaping operators
Diffstat (limited to 'system')
-rw-r--r-- | system/database/DB_query_builder.php | 9 | ||||
-rw-r--r-- | system/database/drivers/postgre/postgre_driver.php | 9 |
2 files changed, 8 insertions, 10 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 3b45bbada..7a54fce48 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -426,6 +426,10 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { $prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) ? '' : $type; + $k = $this->_has_operator($k) + ? $this->protect_identifiers(substr($k, 0, strrpos(rtrim($k), ' ')), FALSE, $escape).strrchr(rtrim($k), ' ') + : $this->protect_identifiers($k, FALSE, $escape); + if (is_null($v) && ! $this->_has_operator($k)) { // value appears not to have been set, assign the test to IS NULL @@ -436,7 +440,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { if ($escape === TRUE) { - $k = $this->protect_identifiers($k, FALSE, $escape); $v = ' '.$this->escape($v); } @@ -445,10 +448,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $k .= ' = '; } } - else - { - $k = $this->protect_identifiers($k, FALSE, $escape); - } $this->qb_where[] = $prefix.$k.$v; if ($this->qb_caching === TRUE) diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index 7375fbf71..9cce1a403 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -615,6 +615,10 @@ class CI_DB_postgre_driver extends CI_DB { { $prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) ? '' : $type; + $k = $this->_has_operator($k) + ? $this->protect_identifiers(substr($k, 0, strrpos(rtrim($k), ' ')), FALSE, $escape).strrchr(rtrim($k), ' ') + : $this->protect_identifiers($k, FALSE, $escape); + if (is_null($v) && ! $this->_has_operator($k)) { // value appears not to have been set, assign the test to IS NULL @@ -625,7 +629,6 @@ class CI_DB_postgre_driver extends CI_DB { { if ($escape === TRUE) { - $k = $this->protect_identifiers($k, FALSE, $escape); $v = ' '.$this->escape($v); } elseif (is_bool($v)) @@ -638,10 +641,6 @@ class CI_DB_postgre_driver extends CI_DB { $k .= ' = '; } } - else - { - $k = $this->protect_identifiers($k, FALSE, $escape); - } $this->qb_where[] = $prefix.$k.$v; if ($this->qb_caching === TRUE) |