Improve escaping, support for table names with spaces and fix where() for strings with no spaces around operators
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 531ca9e..27f9f36 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -459,8 +459,8 @@
{
$prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) ? '' : $type;
- $k = $this->_has_operator($k)
- ? $this->protect_identifiers(substr($k, 0, strpos(rtrim($k), ' ')), FALSE, $escape).strchr(rtrim($k), ' ')
+ $k = (($op = $this->_get_operator($k)) !== FALSE)
+ ? $this->protect_identifiers(substr($k, 0, strpos($k, $op)), FALSE, $escape).strstr($k, $op)
: $this->protect_identifiers($k, FALSE, $escape);
if (is_null($v) && ! $this->_has_operator($k))