From 6e7047576338e896a43a35eb2fa79136adc01d8d Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Wed, 18 Jul 2012 00:46:33 +0300
Subject: Fix WHERE escaping/prefixing
---
 system/database/DB_driver.php | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
(limited to 'system/database/DB_driver.php')
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index d63a1d955..b7c6b4e8e 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1168,8 +1168,21 @@ abstract class CI_DB_driver {
 */
 protected function _get_operator($str)
 {
- return preg_match('/(=|!|<|>| IS NULL| IS NOT NULL| BETWEEN)/i', $str, $match)
- ? $match[1] : FALSE;
+ static $_operators = array(
+ '\s*(?:<|>|!)?=\s*', // =, <=, >=, !=
+ '\s*<>?\s*', // <, <>
+ '\s*>\s*', // >
+ '\s+IS NULL', // IS NULL
+ '\s+IS NOT NULL', // IS NOT NULL
+ '\s+LIKE\s+', // LIKE
+ '\s+NOT LIKE\s+', // NOT LIKE
+ '\s+BETWEEN\s+\S+\s+AND\s+\S+', // BETWEEN value AND value
+ '\s+IN\s*\([^\)]+\)', // IN(list)
+ '\s+NOT IN\s*\([^\)]+\)' // NOT IN (list)
+ );
+
+ return preg_match('/'.implode('|', $_operators).'/i', $str, $match)
+ ? $match[0] : FALSE;
 }
 
 // --------------------------------------------------------------------
-- 
cgit v1.2.3-24-g4f1b
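Review bot: The `BETWEEN` and `IN` alternatives in `$_operators` capture their operands with `\S+` and `[^\)]+`, so the match ends at the first whitespace or `)` inside a quoted literal (a datetime containing a space, a string containing a parenthesis, a nested call), and because the function now returns `$match[0]` instead of the bare operator, the caller gets a fragment cut mid-literal. The callers are outside this hunk, so how the remainder is prefixed or escaped cannot be confirmed here; if it is handled as an identifier, the tail of the literal would be quoted or prefixed incorrectly. The docblock, which begins above the hunk, should state the new contract, for example `@return string|bool matched operator with surrounding whitespace and any inline operands, FALSE if none`, and note that operands embedded in the key are not escaped, so WHERE keys must not be assembled from request data. The combined pattern is also unanchored, so an operator character anywhere in `$str` counts as a match; a one-line comment above the `preg_match()` call saying so would help the next maintainer.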