Commits

Greg Aker  committed 6e218cf

Fixed a bug (Core #340) where when passing in the second parameter to $this->db->select(), column names in subsequent queries would not be properly escaped.

  • Participants
  • Parent commits 60d8d09

Comments (0)

Files changed (2)

File system/database/DB_active_rec.php

 	var $ar_cache_having		= array();
 	var $ar_cache_orderby		= array();
 	var $ar_cache_set			= array();
+	
+	var $ar_no_escape 			= array();
 
 
 	// --------------------------------------------------------------------
 	 */
 	function select($select = '*', $escape = NULL)
 	{
-		// Set the global value if this was sepecified
-		if (is_bool($escape))
-		{
-			$this->_protect_identifiers = $escape;
-		}
-
 		if (is_string($select))
 		{
 			$select = explode(',', $select);
 			if ($val != '')
 			{
 				$this->ar_select[] = $val;
+				$this->ar_no_escape[] = $escape;
 
 				if ($this->ar_caching === TRUE)
 				{
 
 					$v = ' '.$this->escape($v);
 				}
-
+				
 				if ( ! $this->_has_operator($k))
 				{
-					$k .= ' =';
+					$k .= ' = ';
 				}
 			}
 			else
 				// is because until the user calls the from() function we don't know if there are aliases
 				foreach ($this->ar_select as $key => $val)
 				{
-					$this->ar_select[$key] = $this->_protect_identifiers($val);
+					$this->ar_select[$key] = $this->_protect_identifiers($val, FALSE, $this->ar_no_escape[$key]);
 				}
 
 				$sql .= implode(', ', $this->ar_select);
 
 		if (count($this->ar_where) > 0 OR count($this->ar_like) > 0)
 		{
-			$sql .= "\n";
-
-			$sql .= "WHERE ";
+			$sql .= "\nWHERE ";
 		}
 
 		$sql .= implode("\n", $this->ar_where);
 								'ar_orderby'		=> array(),
 								'ar_wherein'		=> array(),
 								'ar_aliased_tables'	=> array(),
+								'ar_no_escape'		=> array(),
 								'ar_distinct'		=> FALSE,
 								'ar_limit'			=> FALSE,
 								'ar_offset'			=> FALSE,

File user_guide/changelog.html

 	<li class="reactor">Removed <samp>APPPATH.'third_party'</samp> from the packages autoloader to negate needless file stats if no packages exist or if the developer does not load any other packages by default.</li>
 	<li>Fixed a bug (Reactor #231) where Sessions Library database table example SQL did not contain an index on last_activity. See <a href="installation/upgrade_203.html">Upgrade Notes</a>.</li>
 	<li>Fixed a bug (Reactor #229) where the Sessions Library example SQL in the documentation contained incorrect SQL.</li>
+	<li>Fixed a bug (Core #340) where when passing in the second parameter to $this->db->select(), column names in subsequent queries would not be properly escaped.</li>
 </ul>
 
 <h2>Version 2.0.2</h2>