From d24160cc4348c32c0c1ec7350e2e2dada2c9291a Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 16 Jun 2012 03:21:20 +0300
Subject: Changed order_by() default escaping to _protect_identifiers
---
 system/database/DB_query_builder.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'system')
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 486fda963..5eb6bbb4e 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -967,7 +967,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 * @param bool enable field name escaping
 * @return object
 */
- public function order_by($orderby, $direction = '', $escape = TRUE)
+ public function order_by($orderby, $direction = '', $escape = NULL)
 {
 if (strtolower($direction) === 'random')
 {
@@ -979,8 +979,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 $direction = in_array(strtoupper(trim($direction)), array('ASC', 'DESC'), TRUE) ? ' '.$direction : ' ASC';
 }
+ is_bool($escape) OR $escape = $this->_protect_identifiers;
- if ((strpos($orderby, ',') !== FALSE) && $escape === TRUE)
+ if ($escape === TRUE && strpos($orderby, ',') !== FALSE)
 {
 $temp = array();
 foreach (explode(',', $orderby) as $part)
-- 
cgit v1.2.3-24-g4f1b
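Review bot: The docblock line `@param bool enable field name escaping` directly above the new signature no longer matches the `$escape = NULL` default. It should state that NULL defers to the connection-wide setting, for example `@param bool $escape NULL (default) falls back to $this->_protect_identifiers`. This matters for a security review because callers that relied on the old default of TRUE now get unescaped ORDER BY identifiers whenever identifier protection is turned off on the connection. Identifier escaping is also not validation, so the comment could remind callers to map request-supplied sort keys onto a fixed list of column names. The docblock begins outside the hunk.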
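Review bot: The fallback `is_bool($escape) OR $escape = $this->_protect_identifiers;` copies the property unchanged, while the very next line tests `$escape === TRUE`. The property's declaration is not visible in this hunk, but if it ever holds a truthy non-boolean value (presumably it can be set from configuration), escaping would be skipped silently. Casting at the assignment closes that gap: `is_bool($escape) OR $escape = (bool) $this->_protect_identifiers;`. The body of order_by() continues past the end of the hunk, so any later strict checks on `$escape` depend on the same normalisation.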