Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 3167eebb81d740e0a74b28ff0353dd4fcf110d0e^! / .
commit3167eebb81d740e0a74b28ff0353dd4fcf110d0e[log] [tgz]
authorPhil Sturgeon <email@philsturgeon.co.uk>Tue Feb 08 21:19:28 2011 +0000
committerPhil Sturgeon <email@philsturgeon.co.uk>Tue Feb 08 21:19:28 2011 +0000
tree405960e9a3313f0220a55cb74e306a88e32c93df
parentef112c0830df4a31563351125888b0d522a1c965 [diff]
MySQL Driver will now wrap field names for insert(), update() and replace() with backticks (`) so fields like "default" and "order" will not cause SQL errors.

diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index df18c91..c9fc1ec 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php

@@ -287,12 +287,12 @@
 		if (is_array($str))
 		{
 			foreach($str as $key => $val)
-			{
+	   		{
 				$str[$key] = $this->escape_str($val, $like);
-			}
+	   		}
 
-			return $str;
-		}
+	   		return $str;
+	   	}
 
 		if (function_exists('mysql_real_escape_string') AND is_resource($this->conn_id))
 		{
@@ -532,7 +532,7 @@
 	 */
 	function _insert($table, $keys, $values)
 	{
-		return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")";
+		return "INSERT INTO ".$table." (`".implode('`, `', $keys)."`) VALUES (".implode(', ', $values).")";
 	}
 
 	// --------------------------------------------------------------------
@@ -551,7 +551,7 @@
 	 */
 	function _replace($table, $keys, $values)
 	{
-		return "REPLACE INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")";
+		return "REPLACE INTO ".$table." (`".implode('`, `', $keys)."`) VALUES (".implode(', ', $values).")";
 	}
 
 	// --------------------------------------------------------------------
@@ -569,7 +569,7 @@
 	 */
 	function _insert_batch($table, $keys, $values)
 	{
-		return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES ".implode(', ', $values);
+		return "INSERT INTO ".$table." (`".implode('`, `', $keys)."`) VALUES ".implode(', ', $values);
 	}
 
 	// --------------------------------------------------------------------
@@ -592,7 +592,7 @@
 	{
 		foreach($values as $key => $val)
 		{
-			$valstr[] = $key." = ".$val;
+			$valstr[] = sprintf('`%s` = %s', $key, $val);
 		}
 
 		$limit = ( ! $limit) ? '' : ' LIMIT '.$limit;

diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index cd72822..0aac5ae 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html

@@ -74,6 +74,7 @@
 <h3>Bug fixes for 2.0.1</h3>
 <ul>
 	<li class="reactor">CLI requests can now be run from any folder, not just when CD'ed next to index.php.</li>
+	<li class="reactor">MySQL Driver will now wrap field names for insert(), update() and replace() with backticks (`) so fields like "default" and "order" will not cause SQL errors.</li>
 </ul>
 
 <h2>Version 2.0.0</h2>