From e156c6eb4a018a91d3cfcaa2d1fd3b3e67dc2808 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Wed, 20 Apr 2011 16:03:04 -0500 Subject: Fixed a bug (Core #340) where when passing in the second parameter to $this->db->select(), column names in subsequent queries would not be properly escaped. --- system/database/DB_active_rec.php | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) (limited to 'system/database/DB_active_rec.php') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index db8471364..9ceac0b76 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -58,6 +58,8 @@ class CI_DB_active_record extends CI_DB_driver { var $ar_cache_having = array(); var $ar_cache_orderby = array(); var $ar_cache_set = array(); + + var $ar_no_escape = array(); // -------------------------------------------------------------------- @@ -73,12 +75,6 @@ class CI_DB_active_record extends CI_DB_driver { */ function select($select = '*', $escape = NULL) { - // Set the global value if this was sepecified - if (is_bool($escape)) - { - $this->_protect_identifiers = $escape; - } - if (is_string($select)) { $select = explode(',', $select); @@ -91,6 +87,7 @@ class CI_DB_active_record extends CI_DB_driver { if ($val != '') { $this->ar_select[] = $val; + $this->ar_no_escape[] = $escape; if ($this->ar_caching === TRUE) { @@ -441,10 +438,10 @@ class CI_DB_active_record extends CI_DB_driver { $v = ' '.$this->escape($v); } - + if ( ! $this->_has_operator($k)) { - $k .= ' ='; + $k .= ' = '; } } else @@ -1718,7 +1715,7 @@ class CI_DB_active_record extends CI_DB_driver { // is because until the user calls the from() function we don't know if there are aliases foreach ($this->ar_select as $key => $val) { - $this->ar_select[$key] = $this->_protect_identifiers($val); + $this->ar_select[$key] = $this->_protect_identifiers($val, FALSE, $this->ar_no_escape[$key]); } $sql .= implode(', ', $this->ar_select); @@ -1753,9 +1750,7 @@ class CI_DB_active_record extends CI_DB_driver { if (count($this->ar_where) > 0 OR count($this->ar_like) > 0) { - $sql .= "\n"; - - $sql .= "WHERE "; + $sql .= "\nWHERE "; } $sql .= implode("\n", $this->ar_where); @@ -2032,6 +2027,7 @@ class CI_DB_active_record extends CI_DB_driver { 'ar_orderby' => array(), 'ar_wherein' => array(), 'ar_aliased_tables' => array(), + 'ar_no_escape' => array(), 'ar_distinct' => FALSE, 'ar_limit' => FALSE, 'ar_offset' => FALSE, -- cgit v1.2.3-24-g4f1b From 114ab0988e20ac6be39ad363ff897a1a3b85e565 Mon Sep 17 00:00:00 2001 From: Razican Date: Mon, 25 Apr 2011 17:26:45 +0200 Subject: Fixed double-space typo. --- system/database/DB_active_rec.php | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'system/database/DB_active_rec.php') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 9ceac0b76..508f6bedf 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -1,4 +1,4 @@ -_track_aliases($val); @@ -332,7 +332,7 @@ class CI_DB_active_record extends CI_DB_driver { } } - // Extract any aliases that might exist. We use this information + // Extract any aliases that might exist. We use this information // in the _protect_identifiers to know whether to add a table prefix $this->_track_aliases($table); @@ -438,7 +438,7 @@ class CI_DB_active_record extends CI_DB_driver { $v = ' '.$this->escape($v); } - + if ( ! $this->_has_operator($k)) { $k .= ' = '; @@ -926,7 +926,7 @@ class CI_DB_active_record extends CI_DB_driver { // -------------------------------------------------------------------- /** - * The "set" function. Allows key/value pairs to be set for inserting or updating + * The "set" function. Allows key/value pairs to be set for inserting or updating * * @access public * @param mixed @@ -1084,7 +1084,7 @@ class CI_DB_active_record extends CI_DB_driver { { if ($this->db_debug) { - //No valid data array. Folds in cases where keys and values did not match up + //No valid data array. Folds in cases where keys and values did not match up return $this->display_error('db_must_use_set'); } return FALSE; @@ -1124,7 +1124,7 @@ class CI_DB_active_record extends CI_DB_driver { // -------------------------------------------------------------------- /** - * The "set_insert_batch" function. Allows key/value pairs to be set for batch inserts + * The "set_insert_batch" function. Allows key/value pairs to be set for batch inserts * * @access public * @param mixed @@ -1158,7 +1158,7 @@ class CI_DB_active_record extends CI_DB_driver { if ($escape === FALSE) { - $this->ar_set[] = '('.implode(',', $row).')'; + $this->ar_set[] = '('.implode(',', $row).')'; } else { @@ -1169,7 +1169,7 @@ class CI_DB_active_record extends CI_DB_driver { $clean[] = $this->escape($value); } - $this->ar_set[] = '('.implode(',', $clean).')'; + $this->ar_set[] = '('.implode(',', $clean).')'; } } @@ -1399,7 +1399,7 @@ class CI_DB_active_record extends CI_DB_driver { // -------------------------------------------------------------------- /** - * The "set_update_batch" function. Allows key/value pairs to be set for batch updating + * The "set_update_batch" function. Allows key/value pairs to be set for batch updating * * @access public * @param array @@ -1652,7 +1652,7 @@ class CI_DB_active_record extends CI_DB_driver { return; } - // Does the string contain a comma? If so, we need to separate + // Does the string contain a comma? If so, we need to separate // the string into discreet statements if (strpos($table, ',') !== FALSE) { @@ -1682,7 +1682,7 @@ class CI_DB_active_record extends CI_DB_driver { * Compile the SELECT statement * * Generates a query string based on which functions were used. - * Should not be called directly. The get() function calls it. + * Should not be called directly. The get() function calls it. * * @access private * @return string @@ -1989,7 +1989,7 @@ class CI_DB_active_record extends CI_DB_driver { // -------------------------------------------------------------------- /** - * Resets the active record values. Called by the get() function + * Resets the active record values. Called by the get() function * * @access private * @param array An array of fields to reset @@ -2009,7 +2009,7 @@ class CI_DB_active_record extends CI_DB_driver { // -------------------------------------------------------------------- /** - * Resets the active record values. Called by the get() function + * Resets the active record values. Called by the get() function * * @access private * @return void -- cgit v1.2.3-24-g4f1b From 2e1837a3afabe7e6c71fc88d7a4f5e430fa96744 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Fri, 6 May 2011 12:17:04 -0500 Subject: Fix #275 -- regression in db::_compile_select(). Thanks @patwork for the patch --- system/database/DB_active_rec.php | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) (limited to 'system/database/DB_active_rec.php') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 508f6bedf..d94d4a13c 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -60,7 +60,7 @@ class CI_DB_active_record extends CI_DB_driver { var $ar_cache_set = array(); var $ar_no_escape = array(); - + var $ar_cache_no_escape = array(); // -------------------------------------------------------------------- @@ -93,6 +93,7 @@ class CI_DB_active_record extends CI_DB_driver { { $this->ar_cache_select[] = $val; $this->ar_cache_exists[] = 'select'; + $this->ar_cache_no_escape[] = $escape; } } } @@ -1933,16 +1934,17 @@ class CI_DB_active_record extends CI_DB_driver { { $this->_reset_run( array( - 'ar_cache_select' => array(), - 'ar_cache_from' => array(), - 'ar_cache_join' => array(), - 'ar_cache_where' => array(), - 'ar_cache_like' => array(), - 'ar_cache_groupby' => array(), - 'ar_cache_having' => array(), - 'ar_cache_orderby' => array(), - 'ar_cache_set' => array(), - 'ar_cache_exists' => array() + 'ar_cache_select' => array(), + 'ar_cache_from' => array(), + 'ar_cache_join' => array(), + 'ar_cache_where' => array(), + 'ar_cache_like' => array(), + 'ar_cache_groupby' => array(), + 'ar_cache_having' => array(), + 'ar_cache_orderby' => array(), + 'ar_cache_set' => array(), + 'ar_cache_exists' => array(), + 'ar_cache_no_escape' => array() ) ); } @@ -1984,6 +1986,8 @@ class CI_DB_active_record extends CI_DB_driver { { $this->_track_aliases($this->ar_from); } + + $this->ar_no_escape = $this->ar_cache_no_escape; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b