Fix WHERE escaping/prefixing

commit: 6e7047576338e896a43a35eb2fa79136adc01d8d [log] [tgz]
author: Andrey Andreev <narf@bofh.bg> Wed Jul 18 00:46:33 2012 +0300
committer: Andrey Andreev <narf@bofh.bg> Wed Jul 18 00:46:33 2012 +0300
tree: 70afe45c9ce42390ebc1df213efe27be64fd7f34
parent: 4253d320e229150eab6e5d0333508c85e434f3e3 [diff] [blame]
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index d63a1d9..b7c6b4e 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php

@@ -1168,8 +1168,21 @@
 	 */
 	protected function _get_operator($str)
 	{
-		return preg_match('/(=|!|<|>| IS NULL| IS NOT NULL| BETWEEN)/i', $str, $match)
-			? $match[1] : FALSE;
+		static $_operators = array(
+			'\s*(?:<|>|!)?=\s*',		// =, <=, >=, !=
+			'\s*<>?\s*',			// <, <>
+			'\s*>\s*',			// >
+			'\s+IS NULL',			// IS NULL
+			'\s+IS NOT NULL',		// IS NOT NULL
+			'\s+LIKE\s+',			// LIKE
+			'\s+NOT LIKE\s+',		// NOT LIKE
+			'\s+BETWEEN\s+\S+\s+AND\s+\S+',	// BETWEEN value AND value
+			'\s+IN\s*\([^\)]+\)',		// IN(list)
+			'\s+NOT IN\s*\([^\)]+\)'	// NOT IN (list)
+		);
+
+		return preg_match('/'.implode('|', $_operators).'/i', $str, $match)
+			? $match[0] : FALSE;
 	}
 
 	// --------------------------------------------------------------------
commit	6e7047576338e896a43a35eb2fa79136adc01d8d	[log] [tgz]
author	Andrey Andreev <narf@bofh.bg>	Wed Jul 18 00:46:33 2012 +0300
committer	Andrey Andreev <narf@bofh.bg>	Wed Jul 18 00:46:33 2012 +0300
tree	70afe45c9ce42390ebc1df213efe27be64fd7f34
parent	4253d320e229150eab6e5d0333508c85e434f3e3 [diff] [blame]