From 52dc8ca4372eb36e9186cef0e34bf0cafe5b1cd8 Mon Sep 17 00:00:00 2001
From: Rick Ellis
Date: Tue, 30 Sep 2008 19:53:52 +0000
Subject: Added backticks to column names when using insert_string and update_string. Relates to this bug report: http://codeigniter.com/bug_tracker/bug/4509/
---
 system/database/DB_driver.php | 5 ++--
 system/database/drivers/mssql/mssql_driver.php | 29 ++++++++++++++--------
 system/database/drivers/mysql/mysql_driver.php | 16 ++++++++++++
 system/database/drivers/mysqli/mysqli_driver.php | 16 ++++++++++++
 system/database/drivers/oci8/oci8_driver.php | 17 +++++++++++++
 system/database/drivers/odbc/odbc_driver.php | 22 +++++++++++++---
 system/database/drivers/postgre/postgre_driver.php | 18 +++++++++++++-
 system/database/drivers/sqlite/sqlite_driver.php | 20 +++++++++++++--
 8 files changed, 124 insertions(+), 19 deletions(-)
(limited to 'system/database')
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 1450a0644..b937ffd6a 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -911,11 +911,10 @@ class CI_DB_driver {
 foreach($data as $key => $val)
 {
- $fields[] = $key;
+ $fields[] = $this->_escape_column($key);
 $values[] = $this->escape($val);
 }
-
 return $this->_insert($this->prep_tablename($table), $fields, $values);
 }
@@ -940,7 +939,7 @@ class CI_DB_driver {
 $fields = array();
 foreach($data as $key => $val)
 {
- $fields[$key] = $this->escape($val);
+ $fields[$this->_escape_column($key)] = $this->escape($val);
 }
 if ( ! is_array($where))
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 5ac90b451..9a912a320 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
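Review bot: In system/database/DB_driver.php, `insert_string()` (hunk at -911) and `update_string()` (hunk at -940) now depend on `$this->_escape_column($key)`, yet this commit adds that method only to the seven bundled drivers and not to `CI_DB_driver` itself. Unless the base class already defines it outside these hunks, a custom driver without the method fails with an undefined-method fatal error on the first call; a pass-through default in the base class, `function _escape_column($column) { return $column; }`, would keep such drivers working. Only the values go through `escape()`: the array keys become SQL identifiers, so their safety rests entirely on what each driver's `_escape_column()` does, and both docblocks should say so, e.g. `Keys of $data are used as column names and must come from trusted code, not from request input`. Both function bodies start outside the hunks.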
@@ -390,7 +390,24 @@ class CI_DB_mssql_driver extends CI_DB {
 // Are error numbers supported?
 return '';
 }
-
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with MS SQL so we simply return the value
+ return $column;
+ }
+
 // --------------------------------------------------------------------
 /**
@@ -405,15 +422,7 @@ class CI_DB_mssql_driver extends CI_DB {
 */
 function _escape_table($table)
 {
- // I don't believe this is necessary with MS SQL. Not sure, though. - Rick
-
- /*
- if (strpos($table, '.') !== FALSE)
- {
- $table = '"' . str_replace('.', '"."', $table) . '"';
- }
- */
-
+ // Not necessary with MS SQL so we simply return the value
 return $table;
 }
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 9d9b6512b..de372e669 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -398,6 +398,22 @@ class CI_DB_mysql_driver extends CI_DB {
 {
 return mysql_errno($this->conn_id);
 }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ return '`' .$column. '`';
+ }
 // --------------------------------------------------------------------
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index cd683dfe7..35a7fc077 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
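Review bot: In mssql_driver.php the new `_escape_column()` returns its argument unchanged, but its docblock still reads "This function adds backticks around supplied column name"; the same copied docblock sits on the pass-through versions in oci8_driver.php, odbc_driver.php, postgre_driver.php and sqlite_driver.php. Each of those should describe what the driver actually does, e.g. `* Returns the column name unchanged; this driver does not quote identifiers`. Because these drivers leave keys untouched, a `$data` key reaches the SQL text verbatim and the reserved-word case this commit fixes for MySQL is still open on them, which the "Probably not necessary" comments in the Oracle and Postgres drivers leave unverified. If quoting is added later it has to use each engine's own identifier syntax rather than backticks.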
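Review bot: In mysql_driver.php, and identically in mysqli_driver.php, `_escape_column()` wraps `$column` in backticks without handling a backtick inside the name, so a key that contains one closes the quoted identifier early and the remainder is parsed as SQL. `insert_string()` and `update_string()` feed it the keys of the caller's `$data` array, which the framework does not otherwise check. Passing `$column` through `str_replace()` to turn each backtick into two before wrapping it keeps the whole key inside the identifier. A dotted name such as `table.column` would also be quoted as one identifier, which may not be what callers expect.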
@@ -394,6 +394,22 @@ class CI_DB_mysqli_driver extends CI_DB {
 {
 return mysqli_errno($this->conn_id);
 }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ return '`' .$column. '`';
+ }
 // --------------------------------------------------------------------
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 765c3f6c9..b45b00326 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -506,6 +506,23 @@ class CI_DB_oci8_driver extends CI_DB {
 $error = ocierror($this->conn_id);
 return $error['code'];
 }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Probably not necessary with Oracle so we simply return the value
+ return $column;
+ }
 // --------------------------------------------------------------------
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index f89000d83..ed8f81cb9 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -371,7 +371,23 @@ class CI_DB_odbc_driver extends CI_DB { { return odbc_error($this->conn_id); } - + // -------------------------------------------------------------------- + + /** + * Escape Column Name + * + * This function adds backticks around supplied column name + * + * @access private + * @param string the column name + * @return string + */ + function _escape_column($column) + { + // Not necessary with ODBC so we simply return the value + return $column; + } + // -------------------------------------------------------------------- /** @@ -386,9 +402,9 @@ class CI_DB_odbc_driver extends CI_DB { */ function _escape_table($table) { - // used to add backticks in other db drivers + // Not necessary with ODBC so we simply return the value return $table; - } + } // -------------------------------------------------------------------- diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index 7574ded13..3d006d3d6 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -391,7 +391,23 @@ class CI_DB_postgre_driver extends CI_DB { { return ''; } - + // -------------------------------------------------------------------- + + /** + * Escape Column Name + * + * This function adds backticks around supplied column name + * + * @access private + * @param string the column name + * @return string + */ + function _escape_column($column) + { + // Probably not necessary with Postgres so we simply return the value + return $column; + } + // -------------------------------------------------------------------- /** diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php index 5cac04dfa..46e0fae49 100644 --- a/system/database/drivers/sqlite/sqlite_driver.php +++ b/system/database/drivers/sqlite/sqlite_driver.php 
@@ -387,7 +387,24 @@ class CI_DB_sqlite_driver extends CI_DB {
 {
 return sqlite_last_error($this->conn_id);
 }
-
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with SQLite so we simply return the value
+ return $column;
+ }
+
 // --------------------------------------------------------------------
 /**
@@ -402,7 +419,6 @@ class CI_DB_sqlite_driver extends CI_DB {
 */
 function _escape_table($table)
 {
- // other database drivers use this to add backticks, hence this
 // function is simply going to return the tablename for sqlite
 return $table;
-- cgit v1.2.3-24-g4f1b
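Review bot: In sqlite_driver.php's `_escape_table()` hunk, only the first line of a two-line comment is removed, so the surviving `// function is simply going to return the tablename for sqlite` now starts mid-sentence. Rewording it to match the other drivers in this commit, `// Not necessary with SQLite so we simply return the value`, keeps the comments consistent. The end of the function body is not visible in the hunk.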