Add an optional escape parameter to insert() and insert_batch()
"Fixes" #1895
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 41b30ae..a3ba773 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -1403,13 +1403,14 @@
*
* @param string $table Table to insert into
* @param array $set An associative array of insert values
+ * @param bool $escape Whether to escape values and identifiers
* @return int Number of rows inserted or FALSE on failure
*/
- public function insert_batch($table = '', $set = NULL)
+ public function insert_batch($table = '', $set = NULL, $escape = NULL)
{
if ( ! is_null($set))
{
- $this->set_insert_batch($set);
+ $this->set_insert_batch($set, '', $escape);
}
if (count($this->qb_set) === 0)
@@ -1432,7 +1433,7 @@
$affected_rows = 0;
for ($i = 0, $total = count($this->qb_set); $i < $total; $i += 100)
{
- $this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, 100)));
+ $this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, $escape, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, 100)));
$affected_rows += $this->affected_rows();
}
@@ -1558,13 +1559,14 @@
*
* @param string the table to insert data into
* @param array an associative array of insert values
+ * @param bool $escape Whether to escape values and identifiers
* @return object
*/
- public function insert($table = '', $set = NULL)
+ public function insert($table = '', $set = NULL, $escape = NULL)
{
if ( ! is_null($set))
{
- $this->set($set);
+ $this->set($set, '', $escape);
}
if ($this->_validate_insert($table) === FALSE)
@@ -1574,7 +1576,7 @@
$sql = $this->_insert(
$this->protect_identifiers(
- $this->qb_from[0], TRUE, NULL, FALSE
+ $this->qb_from[0], TRUE, $escape, FALSE
),
array_keys($this->qb_set),
array_values($this->qb_set)
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 2cd0d79..570aef5 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -113,7 +113,7 @@
- Renamed the Active Record class to Query Builder to remove confusion with the Active Record design pattern.
- Added the ability to insert objects with ``insert_batch()``.
- Added new methods that return the SQL string of queries without executing them: ``get_compiled_select()``, ``get_compiled_insert()``, ``get_compiled_update()``, ``get_compiled_delete()``.
- - Added an optional parameter that allows to disable escaping (useful for custom fields) for methods ``join()``, ``order_by()``, ``where_in()``, ``or_where_in()``, ``where_not_in()``, ``or_where_not_in()``.
+ - Added an optional parameter that allows to disable escaping (useful for custom fields) for methods ``join()``, ``order_by()``, ``where_in()``, ``or_where_in()``, ``where_not_in()``, ``or_where_not_in()``, ``insert()``, ``insert_batch()``.
- Added support for ``join()`` with multiple conditions.
- Added support for *USING* in ``join()``.
- Changed ``limit()`` to ignore NULL values instead of always casting to integer.