diff options
| -rw-r--r-- | system/database/DB_driver.php | 2 | ||||
| -rw-r--r-- | system/database/drivers/mysql/mysql_driver.php | 2 | ||||
| -rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 2 | ||||
| -rw-r--r-- | user_guide/changelog.html | 1 |
4 files changed, 4 insertions, 3 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 390d5570b..d7f17ccb8 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -822,7 +822,7 @@ class CI_DB_driver { return FALSE; } - if (FALSE === ($sql = $this->_list_columns($this->_protect_identifiers($table, TRUE, NULL, FALSE)))) + if (FALSE === ($sql = $this->_list_columns($table))) { if ($this->db_debug) { diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 85a6ef4a0..bd60d9ffe 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -408,7 +408,7 @@ class CI_DB_mysql_driver extends CI_DB { */ function _list_columns($table = '') { - return "SHOW COLUMNS FROM ".$table; + return "SHOW COLUMNS FROM ".$this->_protect_identifiers($table, TRUE, NULL, FALSE); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 5d7200fbd..d0e2defec 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -409,7 +409,7 @@ class CI_DB_mysqli_driver extends CI_DB { */ function _list_columns($table = '') { - return "SHOW COLUMNS FROM ".$table; + return "SHOW COLUMNS FROM ".$this->_protect_identifiers($table, TRUE, NULL, FALSE); } // -------------------------------------------------------------------- diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 4214a0de5..713f012a2 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -75,6 +75,7 @@ SVN Revision: </p> <li>Database <ul> <li>Semantic change to db->version() function to allow a list of exceptions for databases with functions to return version string instead of specially formed SQL queries. Currently this list only includes Oracle and SQLite.</li> + <li>Fixed a bug where driver specific table identifier protection could lead to malformed queries in the <kbd>field_data()</kbd> functions.</li> </ul> </li> <li>Helpers |