Fix #4871
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 7a008ee..5491b20 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -1915,7 +1915,7 @@
$affected_rows = 0;
for ($i = 0, $total = count($this->qb_set); $i < $total; $i += $batch_size)
{
- if ($this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, $batch_size), $this->protect_identifiers($index))))
+ if ($this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, $batch_size), $index)))
{
$affected_rows += $this->affected_rows();
}
@@ -1941,6 +1941,8 @@
*/
protected function _update_batch($table, $values, $index)
{
+ $index_escaped = $this->protect_identifiers($index);
+
$ids = array();
foreach ($values as $key => $val)
{
@@ -1950,7 +1952,7 @@
{
if ($field !== $index)
{
- $final[$field][] = 'WHEN '.$index.' = '.$val[$index].' THEN '.$val[$field];
+ $final[$field][] = 'WHEN '.$index_escaped.' = '.$val[$index].' THEN '.$val[$field];
}
}
}
@@ -1963,7 +1965,7 @@
.'ELSE '.$k.' END, ';
}
- $this->where($index.' IN('.implode(',', $ids).')', NULL, FALSE);
+ $this->where($index_escaped.' IN('.implode(',', $ids).')', NULL, FALSE);
return 'UPDATE '.$table.' SET '.substr($cases, 0, -2).$this->_compile_wh('qb_where');
}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 51242ef..58ca20e 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -19,6 +19,7 @@
-------------------
- Fixed a regression (#4874) - :doc:`Session Library <libraries/sessions>` didn't take into account ``session.hash_bits_per_character`` when validating session IDs.
+- Fixed a bug (#4871) - :doc:`Query Builder <database/query_builder>` method ``update_batch()`` didn't properly handle identifier escaping.
Version 3.1.1
=============