Fixed a bug in which identifers were not being escaped properly when reserved characters were used
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 866b956..dbd82db 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1302,7 +1302,7 @@
$item = $this->dbprefix.$item;
}
}
-
+
if ($protect_identifiers === TRUE AND ! in_array($item, $this->_reserved_identifiers))
{
$item = $this->_escape_identifiers($item);
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 72dc263..6ad0880 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -427,7 +427,18 @@
{
return $item;
}
-
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }
+
if (strpos($item, '.') !== FALSE)
{
$str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index e0a1cee..45bf771 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -434,7 +434,18 @@
{
return $item;
}
-
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }
+
if (strpos($item, '.') !== FALSE)
{
$str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;
@@ -443,7 +454,7 @@
{
$str = $this->_escape_char.$item.$this->_escape_char;
}
-
+
// remove duplicates if the user already included the escape
return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
}
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index f72db64..1b3da7a 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -425,7 +425,18 @@
{
return $item;
}
-
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }
+
if (strpos($item, '.') !== FALSE)
{
$str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 365c9e7..0c14677 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -533,6 +533,17 @@
{
return $item;
}
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }
if (strpos($item, '.') !== FALSE)
{
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index 1f03771..3c6f015 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -399,6 +399,17 @@
{
return $item;
}
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }
if (strpos($item, '.') !== FALSE)
{
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index d94cce1..68622a2 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -438,6 +438,17 @@
{
return $item;
}
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }
if (strpos($item, '.') !== FALSE)
{
diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php
index 0ba483f..992e247 100644
--- a/system/database/drivers/sqlite/sqlite_driver.php
+++ b/system/database/drivers/sqlite/sqlite_driver.php
@@ -410,6 +410,17 @@
{
return $item;
}
+
+ foreach ($this->_reserved_identifiers as $id)
+ {
+ if (strpos($item, '.'.$id) !== FALSE)
+ {
+ $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);
+
+ // remove duplicates if the user already included the escape
+ return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $str);
+ }
+ }
if (strpos($item, '.') !== FALSE)
{