Added backticks to column names when using insert_string and update_string. Relates to this bug report: http://codeigniter.com/bug_tracker/bug/4509/
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 1450a06..b937ffd 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -911,11 +911,10 @@
foreach($data as $key => $val)
{
- $fields[] = $key;
+ $fields[] = $this->_escape_column($key);
$values[] = $this->escape($val);
}
-
return $this->_insert($this->prep_tablename($table), $fields, $values);
}
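Review bot: The `$key` handed to `_escape_column()` in the `foreach` is an array key of `$data`, and nothing visible in this hunk restricts it to a known column, so whatever the driver returns is placed into the statement as an identifier. In this commit only the MySQL and MySQLi drivers change the name; the other five return it untouched, so on those drivers the key still reaches `_insert()` verbatim. I would add a comment above the loop, `// keys of $data become SQL identifiers: pass a fixed column list, never request-array keys`, and repeat it at the `$fields[$this->_escape_column($key)]` line in the update_string hunk at -940. The call also assumes every driver defines `_escape_column()`, so a base-class default returning `$column` would keep drivers outside this commit working, unless one already exists outside the visible lines. Both functions begin outside their hunks, so any validation done earlier in them is not visible here.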
@@ -940,7 +939,7 @@
$fields = array();
foreach($data as $key => $val)
{
- $fields[$key] = $this->escape($val);
+ $fields[$this->_escape_column($key)] = $this->escape($val);
}
if ( ! is_array($where))
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 5ac90b4..9a912a3 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -390,7 +390,24 @@
// Are error numbers supported?
return '';
}
-
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with MS SQL so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
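Review bot: The docblock added above `_escape_column()` says the function "adds backticks around supplied column name", but the body returns `$column` unchanged, so the comment describes the MySQL behaviour rather than this driver's. I would reword the description to `Returns the column name unchanged; identifiers are not quoted by this driver`. The same copied docblock sits on the pass-through versions in the oci8, odbc, postgre and sqlite hunks, and the oci8 and postgre inline comments say only "Probably not necessary". Because the name is passed through as-is, a column named after a reserved word will presumably still fail on these drivers, which is worth stating in the comment so callers do not assume the name has been made safe.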
@@ -405,15 +422,7 @@
*/
function _escape_table($table)
{
- // I don't believe this is necessary with MS SQL. Not sure, though. - Rick
-
- /*
- if (strpos($table, '.') !== FALSE)
- {
- $table = '"' . str_replace('.', '"."', $table) . '"';
- }
- */
-
+ // Not necessary with MS SQL so we simply return the value
return $table;
}
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 9d9b651..de372e6 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -398,6 +398,22 @@
{
return mysql_errno($this->conn_id);
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ return '`' .$column. '`';
+ }
// --------------------------------------------------------------------
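Review bot: The `return` in the added `_escape_column()` wraps `$column` in backticks without handling a backtick inside the name, so a name containing one closes the quoted identifier early and the remainder is parsed as SQL. Doubling each embedded backtick with `str_replace()` before the outer pair is added keeps the whole value inside the identifier. A dotted name such as `table.column` would also be quoted as one identifier, which may or may not be intended for insert_string and update_string keys. The identical line in the mysqli hunk needs the same change.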
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index cd683df..35a7fc0 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -394,6 +394,22 @@
{
return mysqli_errno($this->conn_id);
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ return '`' .$column. '`';
+ }
// --------------------------------------------------------------------
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 765c3f6..b45b003 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -506,6 +506,23 @@
$error = ocierror($this->conn_id);
return $error['code'];
}
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Probably not necessary with Oracle so we simply return the value
+ return $column;
+ }
// --------------------------------------------------------------------
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index f89000d..ed8f81c 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -371,7 +371,23 @@
{
return odbc_error($this->conn_id);
}
-
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with ODBC so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
@@ -386,9 +402,9 @@
*/
function _escape_table($table)
{
- // used to add backticks in other db drivers
+ // Not necessary with ODBC so we simply return the value
return $table;
- }
+ }
// --------------------------------------------------------------------
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index 7574ded..3d006d3 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -391,7 +391,23 @@
{
return '';
}
-
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Probably not necessary with Postgres so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php
index 5cac04d..46e0fae 100644
--- a/system/database/drivers/sqlite/sqlite_driver.php
+++ b/system/database/drivers/sqlite/sqlite_driver.php
@@ -387,7 +387,24 @@
{
return sqlite_last_error($this->conn_id);
}
-
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Escape Column Name
+ *
+ * This function adds backticks around supplied column name
+ *
+ * @access private
+ * @param string the column name
+ * @return string
+ */
+ function _escape_column($column)
+ {
+ // Not necessary with SQLite so we simply return the value
+ return $column;
+ }
+
// --------------------------------------------------------------------
/**
@@ -402,7 +419,6 @@
*/
function _escape_table($table)
{
-
// other database drivers use this to add backticks, hence this
// function is simply going to return the tablename for sqlite
return $table;