Commits

Phil Sturgeon committed 10aaceb

MySQL Driver will now wrap field names for insert(), update() and replace() with backticks (`) so fields like "default" and "order" will not cause SQL errors.

  • Participants
  • Parent commits 29be5ab
  • Branches migrations

Comments (0)

Files changed (2)

system/database/drivers/mysql/mysql_driver.php

 		if (is_array($str))
 		{
 			foreach($str as $key => $val)
-			{
+	   		{
 				$str[$key] = $this->escape_str($val, $like);
-			}
+	   		}
 
-			return $str;
-		}
+	   		return $str;
+	   	}
 
 		if (function_exists('mysql_real_escape_string') AND is_resource($this->conn_id))
 		{
 	 */
 	function _insert($table, $keys, $values)
 	{
-		return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")";
+		return "INSERT INTO ".$table." (`".implode('`, `', $keys)."`) VALUES (".implode(', ', $values).")";
 	}
 
 	// --------------------------------------------------------------------
 	 */
 	function _replace($table, $keys, $values)
 	{
-		return "REPLACE INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")";
+		return "REPLACE INTO ".$table." (`".implode('`, `', $keys)."`) VALUES (".implode(', ', $values).")";
 	}
 
 	// --------------------------------------------------------------------
 	 */
 	function _insert_batch($table, $keys, $values)
 	{
-		return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES ".implode(', ', $values);
+		return "INSERT INTO ".$table." (`".implode('`, `', $keys)."`) VALUES ".implode(', ', $values);
 	}
 
 	// --------------------------------------------------------------------
 	{
 		foreach($values as $key => $val)
 		{
-			$valstr[] = $key." = ".$val;
+			$valstr[] = sprintf('`%s` = %s', $key, $val);
 		}
 
 		$limit = ( ! $limit) ? '' : ' LIMIT '.$limit;

user_guide/changelog.html

 <h3>Bug fixes for 2.0.1</h3>
 <ul>
 	<li class="reactor">CLI requests can now be run from any folder, not just when CD'ed next to index.php.</li>
+	<li class="reactor">MySQL Driver will now wrap field names for <kbd>insert()</kbd>, <kbd>update()</kbd> and <kbd>replace()</kbd> with backticks (`) so fields like "default" and "order" will not cause SQL errors.</li>
 </ul>
 
 <h2>Version 2.0.0</h2>