summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/database/DB_query_builder.php15
-rw-r--r--user_guide_src/source/changelog.rst2
2 files changed, 12 insertions, 5 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 0bb91bae9..da8820421 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -1276,7 +1276,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
foreach ($key as $k => $v)
{
- $this->qb_set[$this->protect_identifiers($k, FALSE, $escape)] = $this->escape($v);
+ $this->qb_set[$this->protect_identifiers($k, FALSE, $escape)] = ($escape)
+ ? $this->escape($v) : $v;
}
return $this;
@@ -1515,9 +1516,15 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
ksort($row); // puts $row in the same order as our keys
- foreach ($row as $k => $v)
+ if ($escape !== FALSE)
{
- $row[$k] = $this->escape($v);
+ $clean = array();
+ foreach ($row as $value)
+ {
+ $clean[] = $this->escape($value);
+ }
+
+ $row = $clean;
}
$this->qb_set[] = '('.implode(',', $row).')';
@@ -1938,7 +1945,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$index_set = TRUE;
}
- $clean[$this->protect_identifiers($k2, FALSE, $escape)] = $this->escape($v2);
+ $clean[$this->protect_identifiers($k2, FALSE, $escape)] = ($escape === FALSE) ? $v2 : $this->escape($v2);
}
if ($index_set === FALSE)
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index fac119f78..1c29eb769 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -68,7 +68,7 @@ Bug fixes for 3.0.1
- Fixed a bug (#3704) - :doc:`Database <database/index>` method ``stored_procedure()`` in the 'oci8' driver didn't properly bind parameters.
- Fixed a bug (#3778) - :doc:`Download Helper <helpers/download_helper>` function :php:func:`force_download()` incorrectly sent a *Pragma* response header.
- Fixed a bug (#3752) - ``$routing['directory']`` overrides were not properly handled and always resulted in a 404 "Not Found" error.
-- Fixed an internal bug (#3989) - :doc:`Query Builder <database/query_builder>` escaping logic where if field name escaping is force-disabled, would also treat values as fields in methods ``where()``, ``having()``, ``set()``, ``set_insert_batch()``, ``set_update_batch()``.
+- Fixed an internal bug in :doc:`Query Builder <database/query_builder>` escaping logic where if field name escaping is force-disabled, methods ``where()`` and ``having()`` will also treat values as fields.
- Fixed a bug (#3279) - :doc:`Query Builder <database/query_builder>` methods ``update()`` and ``get_compiled_update()`` did double escaping on the table name if it was provided via ``from()``.
- Fixed a bug (#3991) - ``$config['rewrite_short_tags']`` never worked due to ``function_exists('eval')`` always returning FALSE.
- Fixed a bug where the :doc:`File Uploadin Library <libraries/file_uploading>` library will not properly configure its maximum file size unless the input value is of type integer.