From a0e86293949ff7761cca573853e54146d76f9ba7 Mon Sep 17 00:00:00 2001
From: Rick Ellis <rick.ellis@ellislab.com>
Date: Sun, 26 Oct 2008 22:46:55 +0000
Subject: Fixed a bug in which identifers were not being escaped properly when
 reserved characters were used

---
 system/database/drivers/mysql/mysql_driver.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'system/database/drivers/mysql')

diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index e0a1cee7d..45bf77149 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -434,7 +434,18 @@ class CI_DB_mysql_driver extends CI_DB {
 		{
 			return $item;
 		}
-	
+
+		foreach ($this->_reserved_identifiers as $id)
+		{
+			if (strpos($item, '.'.$id) !== FALSE)
+			{
+				$str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);  
+				
+				// remove duplicates if the user already included the escape
+				return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+			}		
+		}
+		
 		if (strpos($item, '.') !== FALSE)
 		{
 			$str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;			
@@ -443,7 +454,7 @@ class CI_DB_mysql_driver extends CI_DB {
 		{
 			$str = $this->_escape_char.$item.$this->_escape_char;
 		}
-		
+	
 		// remove duplicates if the user already included the escape
 		return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
 	}
-- 
cgit v1.2.3-24-g4f1b