Escape arrays sent as binding values for database queries.

commit: a779c48da5643ea710da7fc0941a80629a196acf [log] [tgz]
author: clawoo <alin.claudiu.radut@gmail.com> Sat Oct 18 14:47:04 2014 +0300
committer: clawoo <alin.claudiu.radut@gmail.com> Sat Oct 18 14:47:04 2014 +0300
tree: 7aa5fee3f9a39b27937772d4c3cea6bfc0179a7a
parent: 58743d7492234272d9a0cb14117415b461cd6e8b [diff] [blame]
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 62cea75..0943569 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php

@@ -992,7 +992,12 @@
 	 */
 	public function escape($str)
 	{
-		if (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))
+		if (is_array($str))
+		{
+			$str = array_map(array(&$this, 'escape'), $str);
+			return '('.implode(',', $str).')';
+		}
+		elseif (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))
 		{
 			return "'".$this->escape_str($str)."'";
 		}
commit	a779c48da5643ea710da7fc0941a80629a196acf	[log] [tgz]
author	clawoo <alin.claudiu.radut@gmail.com>	Sat Oct 18 14:47:04 2014 +0300
committer	clawoo <alin.claudiu.radut@gmail.com>	Sat Oct 18 14:47:04 2014 +0300
tree	7aa5fee3f9a39b27937772d4c3cea6bfc0179a7a
parent	58743d7492234272d9a0cb14117415b461cd6e8b [diff] [blame]