DB - Active Record issue with escaping
CodeIgniter Forums (https://forum.codeigniter.com) - Thread: /showthread.php?tid=15351

DB - Active Record issue with escaping - El Forum - 02-02-2009
[eluser]hendrik[/eluser]

In CI 1.6 I used the following code which worked fine:

Code:
    $this->db->select('lists.*, properties.createdAt');

After upgrading to CI 1.7 it doesn't work anymore and gives me the error:

Code:
    A Database Error Occurred

I've tried passing the 2nd parameter 'FALSE'

Code:
    $this->db->select('lists.*, properties.createdAt', FALSE);

which fixes the problem, but I'm concerned that the call isn't as secure anymore, as the resulting query is (without escapes):

Code:
    SELECT dc_lists.*, dc_properties.createdAt FROM (dc_properties) JOIN dc_lists ON dc_lists.id = dc_properties.id

Any ideas?

Thanks

DB - Active Record issue with escaping - El Forum - 02-02-2009
[eluser]davidbehler[/eluser]

This has been reported before, guess it will be fixed in CI 1.7.1, e.g.:
http://ellislab.com/forums/viewthread/94808/
http://ellislab.com/forums/viewthread/103430/

As far as security is concerned I guess you won't have much of a problem as you are not using any variables in your query (so no way to inject sql code) and your table/column names don't look like they might conflict with any reserved words in mysql.

DB - Active Record issue with escaping - El Forum - 02-02-2009
[eluser]hendrik[/eluser]

Thanks
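
Added example, not code from the thread or from CodeIgniter: the reply above rests on the select string being a constant. If the column list ever comes from a variable while escaping is switched off with `FALSE`, an allowlist check such as the one below restores that property before the string reaches `select()`. `ALLOWED_COLUMNS` and `safe_select_list()` are hypothetical names, and the column lists are constructed for illustration.

```php
<?php
// Added example. ALLOWED_COLUMNS and safe_select_list() are hypothetical names;
// the table/column lists are constructed (table names taken from the thread).
const ALLOWED_COLUMNS = [
    'lists'      => ['id', 'name'],
    'properties' => ['id', 'createdAt'],
];

/**
 * Validate requested "table.column" / "table.*" items against the allowlist
 * and return them joined as a select string. Throws on anything else, so the
 * result contains only known identifiers and is safe to pass unescaped.
 */
function safe_select_list(array $requested): string
{
    $parts = [];
    foreach ($requested as $item) {
        // Exactly one dot; plain identifier characters, or "*" for the column.
        $pattern = '/^([A-Za-z_][A-Za-z0-9_]*)\.([A-Za-z_][A-Za-z0-9_]*|\*)$/';
        if (!is_string($item) || !preg_match($pattern, $item, $m)) {
            throw new InvalidArgumentException('Malformed column reference');
        }
        [, $table, $column] = $m;
        if (!array_key_exists($table, ALLOWED_COLUMNS)) {
            throw new InvalidArgumentException("Unknown table: $table");
        }
        if ($column !== '*' && !in_array($column, ALLOWED_COLUMNS[$table], true)) {
            throw new InvalidArgumentException("Unknown column: $table.$column");
        }
        $parts[] = "$table.$column";
    }
    return implode(', ', $parts);
}

// Constructed input matching the thread's query.
$select = safe_select_list(['lists.*', 'properties.createdAt']);
echo $select, PHP_EOL;
// In a CodeIgniter model this value would then be passed as:
//   $this->db->select($select, FALSE);

// Constructed input that is not a plain table.column reference is refused.
try {
    safe_select_list(['lists.id, properties.id AS x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```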