From 911d3e0fdd26ebdcb7c862a2a39ddcaef935d6f7 Mon Sep 17 00:00:00 2001
From: Derek Allard <derek.allard@ellislab.com>
Date: Mon, 15 Dec 2008 14:08:35 +0000
Subject: Fixed a bug in database escaping where a compound statement (ie:
 SUM()) wasn't handled correctly with database prefixes.

---
 system/database/DB_driver.php | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

(limited to 'system/database')

diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 4293acc91..fde0a435f 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1204,11 +1204,20 @@ class CI_DB_driver {
 		// Basically we remove everything to the right of the first space
 		$alias = '';
 		if (strpos($item, ' ') !== FALSE)
-		{		
+		{
 			$alias = strstr($item, " ");
 			$item = substr($item, 0, - strlen($alias));
 		}
 
+		// This is basically a bug fix for queries that use MAX, MIN, etc.
+		// If a parenthesis is found we know that we do not need to 
+		// escape the data or add a prefix.  There's probably a more graceful
+		// way to deal with this, but I'm not thinking of it -- Rick
+		if (strpos($item, '(') !== FALSE)
+		{
+			return $item.$alias;
+		}
+
 		// Break the string apart if it contains periods, then insert the table prefix
 		// in the correct location, assuming the period doesn't indicate that we're dealing
 		// with an alias. While we're at it, we will escape the components
@@ -1220,7 +1229,7 @@ class CI_DB_driver {
 			// one of the aliases previously identified?  If so,
 			// we have nothing more to do other than escape the item
 			if (in_array($parts[0], $this->ar_aliased_tables))
-			{				
+			{
 				if ($protect_identifiers === TRUE)
 				{
 					foreach ($parts as $key => $val)
@@ -1284,15 +1293,6 @@ class CI_DB_driver {
 			return $item.$alias;
 		}
 
-		// This is basically a bug fix for queries that use MAX, MIN, etc.
-		// If a parenthesis is found we know that we do not need to 
-		// escape the data or add a prefix.  There's probably a more graceful
-		// way to deal with this, but I'm not thinking of it -- Rick
-		if (strpos($item, '(') !== FALSE)
-		{
-			return $item.$alias;
-		}
-		
 		// Is there a table prefix?  If not, no need to insert it
 		if ($this->dbprefix != '')
 		{
-- 
cgit v1.2.3-24-g4f1b