Fixed a bug in database escaping where a compound statement (ie: SUM()) wasn't handled correctly with database prefixes.
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 4293acc..fde0a43 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1204,11 +1204,20 @@
// Basically we remove everything to the right of the first space
$alias = '';
if (strpos($item, ' ') !== FALSE)
- {
+ {
$alias = strstr($item, " ");
$item = substr($item, 0, - strlen($alias));
}
+ // This is basically a bug fix for queries that use MAX, MIN, etc.
+ // If a parenthesis is found we know that we do not need to
+ // escape the data or add a prefix. There's probably a more graceful
+ // way to deal with this, but I'm not thinking of it -- Rick
+ if (strpos($item, '(') !== FALSE)
+ {
+ return $item.$alias;
+ }
+
// Break the string apart if it contains periods, then insert the table prefix
// in the correct location, assuming the period doesn't indicate that we're dealing
// with an alias. While we're at it, we will escape the components
@@ -1220,7 +1229,7 @@
// one of the aliases previously identified? If so,
// we have nothing more to do other than escape the item
if (in_array($parts[0], $this->ar_aliased_tables))
- {
+ {
if ($protect_identifiers === TRUE)
{
foreach ($parts as $key => $val)
@@ -1284,15 +1293,6 @@
return $item.$alias;
}
- // This is basically a bug fix for queries that use MAX, MIN, etc.
- // If a parenthesis is found we know that we do not need to
- // escape the data or add a prefix. There's probably a more graceful
- // way to deal with this, but I'm not thinking of it -- Rick
- if (strpos($item, '(') !== FALSE)
- {
- return $item.$alias;
- }
-
// Is there a table prefix? If not, no need to insert it
if ($this->dbprefix != '')
{