summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2016-10-27 15:55:19 +0200
committerAndrey Andreev <narf@devilix.net>2016-10-27 15:55:19 +0200
commit0c23e9122666a30797079bea9415da135d4f7e12 (patch)
tree52d59498a7409ee2e5cf8bd2eee1659d397291dd /system
parent2b9d88c3fe78218bb9d8bcbb6ea114d190bc0d0e (diff)
Fix #4871
Diffstat (limited to 'system')
-rw-r--r--system/database/DB_query_builder.php8
1 files changed, 5 insertions, 3 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 7a008eeb8..5491b2000 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -1915,7 +1915,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$affected_rows = 0;
for ($i = 0, $total = count($this->qb_set); $i < $total; $i += $batch_size)
{
- if ($this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, $batch_size), $this->protect_identifiers($index))))
+ if ($this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, $batch_size), $index)))
{
$affected_rows += $this->affected_rows();
}
@@ -1941,6 +1941,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
*/
protected function _update_batch($table, $values, $index)
{
+ $index_escaped = $this->protect_identifiers($index);
+
$ids = array();
foreach ($values as $key => $val)
{
@@ -1950,7 +1952,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
{
if ($field !== $index)
{
- $final[$field][] = 'WHEN '.$index.' = '.$val[$index].' THEN '.$val[$field];
+ $final[$field][] = 'WHEN '.$index_escaped.' = '.$val[$index].' THEN '.$val[$field];
}
}
}
@@ -1963,7 +1965,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
.'ELSE '.$k.' END, ';
}
- $this->where($index.' IN('.implode(',', $ids).')', NULL, FALSE);
+ $this->where($index_escaped.' IN('.implode(',', $ids).')', NULL, FALSE);
return 'UPDATE '.$table.' SET '.substr($cases, 0, -2).$this->_compile_wh('qb_where');
}