Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 1edde30e4443bdcb54a16bf220a5a359825ab549^! / .
commit1edde30e4443bdcb54a16bf220a5a359825ab549[log] [tgz]
authorGreg Aker <greg.aker@ellislab.com>Tue Jan 26 00:17:01 2010 +0000
committerGreg Aker <greg.aker@ellislab.com>Tue Jan 26 00:17:01 2010 +0000
tree211bfe5ebf5f0b492fc89ef4b4db86f0056957ef
parent472dd21a7bc60147afff7bf100bbb6c9f339d0fc [diff]
Fixing bug in DB Driver where identifiers could be escaped in some drivers that can't accept it in the list_fields() function.

http://codeigniter.com/bug_tracker/bug/5865/
http://codeigniter.com/bug_tracker/bug/11218/

diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 390d557..d7f17cc 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php

@@ -822,7 +822,7 @@
 			return FALSE;
 		}
 		
-		if (FALSE === ($sql = $this->_list_columns($this->_protect_identifiers($table, TRUE, NULL, FALSE))))
+		if (FALSE === ($sql = $this->_list_columns($table)))
 		{
 			if ($this->db_debug)
 			{

diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 85a6ef4..bd60d9f 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php

@@ -408,7 +408,7 @@
 	 */
 	function _list_columns($table = '')
 	{
-		return "SHOW COLUMNS FROM ".$table;
+		return "SHOW COLUMNS FROM ".$this->_protect_identifiers($table, TRUE, NULL, FALSE);
 	}
 
 	// --------------------------------------------------------------------

diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 5d7200f..d0e2def 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php

@@ -409,7 +409,7 @@
 	 */
 	function _list_columns($table = '')
 	{
-		return "SHOW COLUMNS FROM ".$table;
+		return "SHOW COLUMNS FROM ".$this->_protect_identifiers($table, TRUE, NULL, FALSE);
 	}
 
 	// --------------------------------------------------------------------

diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 4214a0d..713f012 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html

@@ -75,6 +75,7 @@
 	<li>Database
 		<ul>
 			<li>Semantic change to db->version() function to allow a list of exceptions for databases with functions to return version string instead of specially formed SQL queries. Currently this list only includes Oracle and SQLite.</li>
+			<li>Fixed a bug where driver specific table identifier protection could lead to malformed queries in the <kbd>field_data()</kbd> functions.</li>
 		</ul>
 	</li>
 	<li>Helpers