Escape WHERE clause field names in the DB update_string() method

commit: dc46d99fe8ab2058df15c6a7608e5ae41ffffb2b [log] [tgz]
author: Andrey Andreev <narf@bofh.bg> Sat Sep 24 16:25:23 2011 +0300
committer: Andrey Andreev <narf@bofh.bg> Sat Sep 24 16:25:23 2011 +0300
tree: df684d043b4303b1cabdd18b56e49aa2907207de
parent: d26133be24eef68b1bead61e7e808f4424a71a0a [diff] [blame]
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 300ca29..12c0530 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php

@@ -950,6 +950,7 @@
 			foreach ($where as $key => $val)
 			{
 				$prefix = (count($dest) == 0) ? '' : ' AND ';
+				$key = $this->_protect_identifiers($key);
 
 				if ($val !== '')
 				{
@@ -1390,4 +1391,4 @@
 
 
 /* End of file DB_driver.php */
-/* Location: ./system/database/DB_driver.php */
\ No newline at end of file
+/* Location: ./system/database/DB_driver.php */
commit	dc46d99fe8ab2058df15c6a7608e5ae41ffffb2b	[log] [tgz]
author	Andrey Andreev <narf@bofh.bg>	Sat Sep 24 16:25:23 2011 +0300
committer	Andrey Andreev <narf@bofh.bg>	Sat Sep 24 16:25:23 2011 +0300
tree	df684d043b4303b1cabdd18b56e49aa2907207de
parent	d26133be24eef68b1bead61e7e808f4424a71a0a [diff] [blame]