diff options
25 files changed, 80 insertions, 512 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index dea705054..8b030af77 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -901,6 +901,43 @@ abstract class CI_DB_driver { // -------------------------------------------------------------------- /** + * Escape the SQL Identifiers + * + * This function escapes column and table names + * + * @param string + * @return string + */ + public function escape_identifiers($item) + { + if ($this->_escape_char == '') + { + return $item; + } + + foreach ($this->_reserved_identifiers as $id) + { + if (strpos($item, '.'.$id) !== FALSE) + { + $item = str_replace('.', $this->_escape_char.'.', $item); + + // remove duplicates if the user already included the escape + return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item); + } + } + + if (strpos($item, '.') !== FALSE) + { + $item = str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item); + } + + // remove duplicates if the user already included the escape + return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item.$this->_escape_char); + } + + // -------------------------------------------------------------------- + + /** * Generate an insert string * * @param string the table upon which the query will be performed @@ -913,7 +950,7 @@ abstract class CI_DB_driver { foreach ($data as $key => $val) { - $fields[] = $this->_escape_identifiers($key); + $fields[] = $this->escape_identifiers($key); $values[] = $this->escape($val); } @@ -1254,7 +1291,7 @@ abstract class CI_DB_driver { { if ( ! in_array($val, $this->_reserved_identifiers)) { - $parts[$key] = $this->_escape_identifiers($val); + $parts[$key] = $this->escape_identifiers($val); } } @@ -1311,7 +1348,7 @@ abstract class CI_DB_driver { if ($protect_identifiers === TRUE) { - $item = $this->_escape_identifiers($item); + $item = $this->escape_identifiers($item); } return $item.$alias; @@ -1334,7 +1371,7 @@ abstract class CI_DB_driver { if ($protect_identifiers === TRUE && ! in_array($item, $this->_reserved_identifiers)) { - $item = $this->_escape_identifiers($item); + $item = $this->escape_identifiers($item); } return $item.$alias; diff --git a/system/database/drivers/cubrid/cubrid_driver.php b/system/database/drivers/cubrid/cubrid_driver.php index b2ccec2d4..74d1a850a 100644 --- a/system/database/drivers/cubrid/cubrid_driver.php +++ b/system/database/drivers/cubrid/cubrid_driver.php @@ -435,45 +435,6 @@ class CI_DB_cubrid_driver extends CI_DB { return array('code' => cubrid_errno($this->conn_id), 'message' => cubrid_error($this->conn_id)); } - /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - if ($this->_escape_char == '') - { - return $item; - } - - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - } - - if (strpos($item, '.') !== FALSE) - { - $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char; - } - else - { - $str = $this->_escape_char.$item.$this->_escape_char; - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - // -------------------------------------------------------------------- /** diff --git a/system/database/drivers/cubrid/cubrid_forge.php b/system/database/drivers/cubrid/cubrid_forge.php index bbda484c4..f83dc97f4 100644 --- a/system/database/drivers/cubrid/cubrid_forge.php +++ b/system/database/drivers/cubrid/cubrid_forge.php @@ -184,9 +184,7 @@ class CI_DB_cubrid_forge extends CI_DB_forge { // As of version 8.4.0 CUBRID does not support this SQL syntax. } - $sql .= $this->db->_escape_identifiers($table)." ("; - - $sql .= $this->_process_fields($fields); + $sql .= $this->db->escape_identifiers($table).' ('.$this->_process_fields($fields); // If there is a PK defined if (count($primary_keys) > 0) @@ -230,7 +228,7 @@ class CI_DB_cubrid_forge extends CI_DB_forge { */ public function _drop_table($table) { - return "DROP TABLE IF EXISTS ".$this->db->_escape_identifiers($table); + return 'DROP TABLE IF EXISTS '.$this->db->escape_identifiers($table); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/interbase/interbase_driver.php b/system/database/drivers/interbase/interbase_driver.php index fd164cd07..88638a21a 100644 --- a/system/database/drivers/interbase/interbase_driver.php +++ b/system/database/drivers/interbase/interbase_driver.php @@ -343,38 +343,6 @@ class CI_DB_interbase_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This public function escapes column and table names - * - * @param string - * @return string - */ - protected function _escape_identifiers($item) - { - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $item = str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item); - } - } - - if (strpos($item, '.') !== FALSE) - { - $item = str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item); - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item.$this->_escape_char); - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This public function implicitly groups FROM tables so there is no confusion diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php index 055c9decb..ae3b843ee 100644 --- a/system/database/drivers/mssql/mssql_driver.php +++ b/system/database/drivers/mssql/mssql_driver.php @@ -404,47 +404,6 @@ class CI_DB_mssql_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - if ($this->_escape_char == '') - { - return $item; - } - - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - } - - if (strpos($item, '.') !== FALSE) - { - $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char; - } - else - { - $str = $this->_escape_char.$item.$this->_escape_char; - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This function implicitly groups FROM tables so there is no confusion diff --git a/system/database/drivers/mssql/mssql_forge.php b/system/database/drivers/mssql/mssql_forge.php index 2e3e314ed..d787b3764 100644 --- a/system/database/drivers/mssql/mssql_forge.php +++ b/system/database/drivers/mssql/mssql_forge.php @@ -68,7 +68,7 @@ class CI_DB_mssql_forge extends CI_DB_forge { */ public function _drop_table($table) { - return "DROP TABLE ".$this->db->_escape_identifiers($table); + return 'DROP TABLE '.$this->db->escape_identifiers($table); } // -------------------------------------------------------------------- @@ -92,7 +92,7 @@ class CI_DB_mssql_forge extends CI_DB_forge { $sql .= 'IF NOT EXISTS '; } - $sql .= $this->db->_escape_identifiers($table)." ("; + $sql .= $this->db->escape_identifiers($table).' ('; $current_field_count = 0; foreach ($fields as $field => $attributes) diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 7afa5acd4..28020d3e6 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -439,43 +439,6 @@ class CI_DB_mysql_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - if ($this->_escape_char == '') - { - return $item; - } - - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $item = str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item); - } - } - - if (strpos($item, '.') !== FALSE) - { - $item = str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item); - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item.$this->_escape_char); - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This function implicitly groups FROM tables so there is no confusion diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 00bc726c5..50e213641 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -439,43 +439,6 @@ class CI_DB_mysqli_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - if ($this->_escape_char == '') - { - return $item; - } - - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $item = str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item); - } - } - - if (strpos($item, '.') !== FALSE) - { - $item = str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item); - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item.$this->_escape_char); - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This function implicitly groups FROM tables so there is no confusion diff --git a/system/database/drivers/mysqli/mysqli_forge.php b/system/database/drivers/mysqli/mysqli_forge.php index a1caf5cfb..4b6939e2a 100644 --- a/system/database/drivers/mysqli/mysqli_forge.php +++ b/system/database/drivers/mysqli/mysqli_forge.php @@ -148,7 +148,7 @@ class CI_DB_mysqli_forge extends CI_DB_forge { $sql .= 'IF NOT EXISTS '; } - $sql .= $this->db->_escape_identifiers($table).' ('.$this->_process_fields($fields); + $sql .= $this->db->escape_identifiers($table).' ('.$this->_process_fields($fields); if (count($primary_keys) > 0) { @@ -187,7 +187,7 @@ class CI_DB_mysqli_forge extends CI_DB_forge { */ public function _drop_table($table) { - return 'DROP TABLE IF EXISTS '.$this->db->_escape_identifiers($table); + return 'DROP TABLE IF EXISTS '.$this->db->escape_identifiers($table); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_utility.php b/system/database/drivers/mysqli/mysqli_utility.php index 4d7002e78..cb3f86b8b 100644 --- a/system/database/drivers/mysqli/mysqli_utility.php +++ b/system/database/drivers/mysqli/mysqli_utility.php @@ -56,7 +56,7 @@ class CI_DB_mysqli_utility extends CI_DB_utility { */ public function _optimize_table($table) { - return 'OPTIMIZE TABLE '.$this->db->_escape_identifiers($table); + return 'OPTIMIZE TABLE '.$this->db->escape_identifiers($table); } // -------------------------------------------------------------------- @@ -71,7 +71,7 @@ class CI_DB_mysqli_utility extends CI_DB_utility { */ public function _repair_table($table) { - return 'REPAIR TABLE '.$this->db->_escape_identifiers($table); + return 'REPAIR TABLE '.$this->db->escape_identifiers($table); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php index 756d93a16..6e225ee1f 100644 --- a/system/database/drivers/oci8/oci8_driver.php +++ b/system/database/drivers/oci8/oci8_driver.php @@ -567,43 +567,6 @@ class CI_DB_oci8_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - if ($this->_escape_char == '') - { - return $item; - } - - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $item = str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item); - } - } - - if (strpos($item, '.') !== FALSE) - { - $item = str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item); - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item.$this->_escape_char); - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This function implicitly groups FROM tables so there is no confusion diff --git a/system/database/drivers/oci8/oci8_forge.php b/system/database/drivers/oci8/oci8_forge.php index 4b2eccae5..033e618e7 100644 --- a/system/database/drivers/oci8/oci8_forge.php +++ b/system/database/drivers/oci8/oci8_forge.php @@ -81,7 +81,7 @@ class CI_DB_oci8_forge extends CI_DB_forge { $sql .= 'IF NOT EXISTS '; } - $sql .= $this->db->_escape_identifiers($table).' ('; + $sql .= $this->db->escape_identifiers($table).' ('; $current_field_count = 0; foreach ($fields as $field => $attributes) diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index de5af7bd2..d1a5f774b 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -343,47 +343,6 @@ class CI_DB_odbc_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - if ($this->_escape_char == '') - { - return $item; - } - - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - } - - if (strpos($item, '.') !== FALSE) - { - $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char; - } - else - { - $str = $this->_escape_char.$item.$this->_escape_char; - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This function implicitly groups FROM tables so there is no confusion diff --git a/system/database/drivers/odbc/odbc_forge.php b/system/database/drivers/odbc/odbc_forge.php index 486a8dd7f..afdd6dec2 100644 --- a/system/database/drivers/odbc/odbc_forge.php +++ b/system/database/drivers/odbc/odbc_forge.php @@ -91,7 +91,7 @@ class CI_DB_odbc_forge extends CI_DB_forge { $sql .= 'IF NOT EXISTS '; } - $sql .= $this->db->_escape_identifiers($table)." ("; + $sql .= $this->db->escape_identifiers($table).' ('; $current_field_count = 0; foreach ($fields as $field => $attributes) diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index aec39c819..919bb9c00 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -46,8 +46,8 @@ class CI_DB_pdo_driver extends CI_DB { protected $_escape_char = ''; // clause and character used for LIKE escape sequences - protected $_like_escape_str; - protected $_like_escape_chr; + protected $_like_escape_str = " ESCAPE '%s' "; + protected $_like_escape_chr = '!'; /** * The syntax to count rows is slightly different across different @@ -81,18 +81,17 @@ class CI_DB_pdo_driver extends CI_DB { // this one depends on the driver being used if ($this->pdodriver == 'mysql') { + $this->_escape_char = '`'; $this->_like_escape_str = ''; $this->_like_escape_chr = ''; } elseif ($this->pdodriver == 'odbc') { $this->_like_escape_str = " {escape '%s'} "; - $this->_like_escape_chr = '!'; } - else + elseif ( ! in_array($this->pdodriver, array('sqlsrv', 'mssql', 'dblib', 'sybase'))) { - $this->_like_escape_str = " ESCAPE '%s' "; - $this->_like_escape_chr = '!'; + $this->_escape_char = '"'; } $this->trans_enabled = FALSE; @@ -268,8 +267,6 @@ class CI_DB_pdo_driver extends CI_DB { */ protected function _execute($sql) { - $sql = $this->_prep_query($sql); - $result_id = $this->conn_id->query($sql); if (is_object($result_id)) @@ -287,32 +284,6 @@ class CI_DB_pdo_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Prep the query - * - * If needed, each database adapter can prep the query string - * - * @param string an SQL query - * @return string - */ - protected function _prep_query($sql) - { - if ($this->pdodriver === 'pgsql') - { - // Change the backtick(s) for Postgre - $sql = str_replace('`', '"', $sql); - } - elseif ($this->pdodriver === 'sqlite') - { - // Change the backtick(s) for SQLite - $sql = str_replace('`', '', $sql); - } - - return $sql; - } - - // -------------------------------------------------------------------- - - /** * Begin Transaction * * @return bool @@ -516,7 +487,7 @@ class CI_DB_pdo_driver extends CI_DB { } else { - $sql = "SHOW TABLES FROM `".$this->database."`"; + $sql = 'SHOW TABLES FROM '.$this->escape_identifiers($this->database); } if ($prefix_limit !== FALSE AND $this->dbprefix != '') @@ -539,7 +510,7 @@ class CI_DB_pdo_driver extends CI_DB { */ protected function _list_columns($table = '') { - return 'SHOW COLUMNS FROM '.$this->_from_tables($table); + return 'SHOW COLUMNS FROM '.$this->escape_identifiers($table); } // -------------------------------------------------------------------- @@ -557,20 +528,20 @@ class CI_DB_pdo_driver extends CI_DB { if ($this->pdodriver == 'mysql' or $this->pdodriver == 'pgsql') { // Analog function for mysql and postgre - return 'SELECT * FROM '.$this->_from_tables($table).' LIMIT 1'; + return 'SELECT * FROM '.$this->escape_identifiers($table).' LIMIT 1'; } elseif ($this->pdodriver == 'oci') { // Analog function for oci - return 'SELECT * FROM '.$this->_from_tables($table).' WHERE ROWNUM <= 1'; + return 'SELECT * FROM '.$this->escape_identifiers($table).' WHERE ROWNUM <= 1'; } elseif ($this->pdodriver == 'sqlite') { // Analog function for sqlite - return 'PRAGMA table_info('.$this->_from_tables($table).')'; + return 'PRAGMA table_info('.$this->escape_identifiers($table).')'; } - return 'SELECT TOP 1 FROM '.$this->_from_tables($table); + return 'SELECT TOP 1 FROM '.$this->escape_identifiers($table); } // -------------------------------------------------------------------- @@ -605,48 +576,6 @@ class CI_DB_pdo_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - if ($this->_escape_char == '') - { - return $item; - } - - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - } - - if (strpos($item, '.') !== FALSE) - { - $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item); - $str .= $this->_escape_char; - } - else - { - $str = $this->_escape_char.$item.$this->_escape_char; - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This function implicitly groups FROM tables so there is no confusion @@ -662,7 +591,7 @@ class CI_DB_pdo_driver extends CI_DB { $tables = array($tables); } - return (count($tables) == 1) ? '`'.$tables[0].'`' : '('.implode(', ', $tables).')'; + return (count($tables) === 1) ? $tables[0] : '('.implode(', ', $tables).')'; } // -------------------------------------------------------------------- @@ -695,7 +624,7 @@ class CI_DB_pdo_driver extends CI_DB { } } - $sql = 'UPDATE '.$this->_from_tables($table).' SET '; + $sql = 'UPDATE '.$table.' SET '; $cases = ''; foreach ($final as $k => $v) @@ -765,7 +694,7 @@ class CI_DB_pdo_driver extends CI_DB { $limit = ( ! $limit) ? '' : ' LIMIT '.$limit; - return 'DELETE FROM '.$this->_from_tables($table).$conditions.$limit; + return 'DELETE FROM '.$table.$conditions.$limit; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/pdo/pdo_forge.php b/system/database/drivers/pdo/pdo_forge.php index 6bff3542f..9635e4c9a 100644 --- a/system/database/drivers/pdo/pdo_forge.php +++ b/system/database/drivers/pdo/pdo_forge.php @@ -91,10 +91,10 @@ class CI_DB_pdo_forge extends CI_DB_forge { $sql .= 'IF NOT EXISTS '; } - $sql .= '`'.$this->db->_escape_identifiers($table).'` ('; + $sql .= $this->db->escape_identifiers($table).' ('; $current_field_count = 0; - foreach ($fields as $field=>$attributes) + foreach ($fields as $field => $attributes) { // Numeric field names aren't allowed in databases, so if the key is // numeric, we know it was assigned by PHP and the developer manually diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index f95ff560f..1e96452b4 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -457,47 +457,6 @@ class CI_DB_postgre_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - if ($this->_escape_char == '') - { - return $item; - } - - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - } - - if (strpos($item, '.') !== FALSE) - { - $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char; - } - else - { - $str = $this->_escape_char.$item.$this->_escape_char; - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This function implicitly groups FROM tables so there is no confusion diff --git a/system/database/drivers/postgre/postgre_forge.php b/system/database/drivers/postgre/postgre_forge.php index a72449820..f7d59284a 100644 --- a/system/database/drivers/postgre/postgre_forge.php +++ b/system/database/drivers/postgre/postgre_forge.php @@ -193,8 +193,7 @@ class CI_DB_postgre_forge extends CI_DB_forge { } } - $sql .= $this->db->_escape_identifiers($table)." ("; - $sql .= $this->_process_fields($fields, $primary_keys); + $sql .= $this->db->escape_identifiers($table).' ('.$this->_process_fields($fields, $primary_keys); if (count($primary_keys) > 0) { @@ -237,11 +236,12 @@ class CI_DB_postgre_forge extends CI_DB_forge { /** * Drop Table * + * @param string table name * @return string */ public function _drop_table($table) { - return "DROP TABLE IF EXISTS ".$this->db->_escape_identifiers($table)." CASCADE"; + return 'DROP TABLE IF EXISTS '.$this->db->escape_identifiers($table).' CASCADE'; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php index 9c611f2fd..3a986d0a8 100644 --- a/system/database/drivers/sqlite/sqlite_driver.php +++ b/system/database/drivers/sqlite/sqlite_driver.php @@ -366,47 +366,6 @@ class CI_DB_sqlite_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - if ($this->_escape_char == '') - { - return $item; - } - - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - } - - if (strpos($item, '.') !== FALSE) - { - $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char; - } - else - { - $str = $this->_escape_char.$item.$this->_escape_char; - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str); - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This function implicitly groups FROM tables so there is no confusion diff --git a/system/database/drivers/sqlite/sqlite_forge.php b/system/database/drivers/sqlite/sqlite_forge.php index 068a556ed..a62e8d9ae 100644 --- a/system/database/drivers/sqlite/sqlite_forge.php +++ b/system/database/drivers/sqlite/sqlite_forge.php @@ -90,10 +90,10 @@ class CI_DB_sqlite_forge extends CI_DB_forge { $sql .= 'IF NOT EXISTS '; } - $sql .= $this->db->_escape_identifiers($table)."("; + $sql .= $this->db->escape_identifiers($table).' ('; $current_field_count = 0; - foreach ($fields as $field=>$attributes) + foreach ($fields as $field => $attributes) { // Numeric field names aren't allowed in databases, so if the key is // numeric, we know it was assigned by PHP and the developer manually diff --git a/system/database/drivers/sqlite3/sqlite3_driver.php b/system/database/drivers/sqlite3/sqlite3_driver.php index c78f0c4fe..12354e1bc 100644 --- a/system/database/drivers/sqlite3/sqlite3_driver.php +++ b/system/database/drivers/sqlite3/sqlite3_driver.php @@ -342,43 +342,6 @@ class CI_DB_sqlite3_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - if ($this->_escape_char == '') - { - return $item; - } - - foreach ($this->_reserved_identifiers as $id) - { - if (strpos($item, '.'.$id) !== FALSE) - { - $item = str_replace('.', $this->_escape_char.'.', $item); - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item); - } - } - - if (strpos($item, '.') !== FALSE) - { - $item = str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item); - } - - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item.$this->_escape_char); - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This function implicitly groups FROM tables so there is no confusion diff --git a/system/database/drivers/sqlite3/sqlite3_forge.php b/system/database/drivers/sqlite3/sqlite3_forge.php index 254db21d8..3a2060c3b 100644 --- a/system/database/drivers/sqlite3/sqlite3_forge.php +++ b/system/database/drivers/sqlite3/sqlite3_forge.php @@ -95,10 +95,10 @@ class CI_DB_sqlite3_forge extends CI_DB_forge { $sql .= 'IF NOT EXISTS '; } - $sql .= $this->db->_escape_identifiers($table).'('; + $sql .= $this->db->escape_identifiers($table).' ('; $current_field_count = 0; - foreach ($fields as $field=>$attributes) + foreach ($fields as $field => $attributes) { // Numeric field names aren't allowed in databases, so if the key is // numeric, we know it was assigned by PHP and the developer manually diff --git a/system/database/drivers/sqlsrv/sqlsrv_driver.php b/system/database/drivers/sqlsrv/sqlsrv_driver.php index f75024799..f4eab8f28 100644 --- a/system/database/drivers/sqlsrv/sqlsrv_driver.php +++ b/system/database/drivers/sqlsrv/sqlsrv_driver.php @@ -393,21 +393,6 @@ class CI_DB_sqlsrv_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape the SQL Identifiers - * - * This function escapes column and table names - * - * @param string - * @return string - */ - public function _escape_identifiers($item) - { - return $item; - } - - // -------------------------------------------------------------------- - - /** * From Tables * * This function implicitly groups FROM tables so there is no confusion diff --git a/system/database/drivers/sqlsrv/sqlsrv_forge.php b/system/database/drivers/sqlsrv/sqlsrv_forge.php index 0dc7b5242..377dcf154 100644 --- a/system/database/drivers/sqlsrv/sqlsrv_forge.php +++ b/system/database/drivers/sqlsrv/sqlsrv_forge.php @@ -63,11 +63,12 @@ class CI_DB_sqlsrv_forge extends CI_DB_forge { /** * Drop Table * - * @return bool + * @param string table name + * @return string */ public function _drop_table($table) { - return "DROP TABLE ".$this->db->_escape_identifiers($table); + return 'DROP TABLE '.$this->db->escape_identifiers($table); } // -------------------------------------------------------------------- @@ -91,7 +92,7 @@ class CI_DB_sqlsrv_forge extends CI_DB_forge { $sql .= 'IF NOT EXISTS '; } - $sql .= $this->db->_escape_identifiers($table)." ("; + $sql .= $this->db->escape_identifiers($table).' ('; $current_field_count = 0; foreach ($fields as $field => $attributes) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 81644ecac..3ad930ed1 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -75,7 +75,7 @@ Release Date: Not Released - Added _optimize_table() support for the :doc:`Database Utility Class <database/utilities>` (rebuilds table indexes). - Added a constructor to the DB_result class and moved all driver-specific properties and logic out of the base DB_driver class to allow better abstraction. - Removed limit() and order_by() support for UPDATE and DELETE queries in PostgreSQL driver. Postgres does not support those features. - - Removed protect_identifiers() and renamed _protect_identifiers() to it instead - it was just an alias. + - Removed protect_identifiers() and renamed internal method _protect_identifiers() to it instead - it was just an alias. - MySQL and MySQLi drivers now require at least MySQL version 5.1. - db_set_charset() now only requires one parameter (collation was only needed due to legacy support for MySQL versions prior to 5.1). - Added DSN string support for CUBRID. @@ -91,6 +91,7 @@ Release Date: Not Released - *Row* result methods now really only fetch only the needed number of rows, instead of depending entirely on result(). - num_rows() is now only called explicitly by the developer and no longer re-executes statements. - Added replace() support for SQLite. + - Renamed internal method _escape_identifiers() to escape_identifiers(). - Libraries |