diff options
| -rw-r--r-- | system/database/DB_query_builder.php | 2 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 355613c6f..e6a108209 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -385,7 +385,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $alias = $this->_create_alias_from_table(trim($select)); } - $sql = $this->protect_identifiers($type.'('.trim($select).')').' AS '.$this->escape_identifiers(trim($alias)); + $sql = $type.'('.$this->protect_identifiers(trim($select)).') AS '.$this->escape_identifiers(trim($alias)); $this->qb_select[] = $sql; $this->qb_no_escape[] = NULL; diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 81d92f755..8b5798751 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -604,6 +604,7 @@ Bug fixes for 3.0 - Fixed a bug (#180) - :php:func:`config_item()` didn't take into account run-time configuration changes. - Fixed a bug (#2551) - :doc:`Loader Library <libraries/loader>` method ``library()`` didn't properly check if a class that is being loaded already exits. - Fixed a bug (#2560) - :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_open()` set the 'method="post"' attribute only if the passed attributes equaled an empty string. +- Fixed a bug (#2585) - :doc:`Query Builder <database/query_builder>` methods ``min()``, ``max()``, ``avg()``, ``sum()`` didn't escape field names. Version 2.1.4 ============= |