From a779c48da5643ea710da7fc0941a80629a196acf Mon Sep 17 00:00:00 2001
From: clawoo <alin.claudiu.radut@gmail.com>
Date: Sat, 18 Oct 2014 14:47:04 +0300
Subject: Escape arrays sent as binding values for database queries.

---
 system/database/DB_driver.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'system')

diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 62cea758e..094356965 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -992,7 +992,12 @@ abstract class CI_DB_driver {
 	 */
 	public function escape($str)
 	{
-		if (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))
+		if (is_array($str))
+		{
+			$str = array_map(array(&$this, 'escape'), $str);
+			return '('.implode(',', $str).')';
+		}
+		elseif (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))
 		{
 			return "'".$this->escape_str($str)."'";
 		}
-- 
cgit v1.2.3-24-g4f1b