order by incorrect escaping - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: order by incorrect escaping (/showthread.php?tid=22925) |
order by incorrect escaping - El Forum - 09-23-2009 [eluser]dmyers[/eluser] My MySQL order by clause contains $orderby = ‘concat(firstname,lastname) asc’ because I want to sort by the combined first and last names (which works in MySQL) but, when I try to add it with CI active record via $this->db->order_by($orderby) it doesn’t work because CI tries to escape it to ORDER BY CONCAT(firstname, `lastname)` asc which of course throws a MySQL error. How can I add it and not have CI try to escape it? Is there a secret “don’t escape” parameter? I suppose a change as such needs to be done in the core files. order by incorrect escaping - El Forum - 09-25-2009 [eluser]dmyers[/eluser] What I did in my core file as per my other post. Add this to the core file DB_active_rec.php around line 885. Then I just add “true” to the function to “not” try to escape the input. Perhaps a final parameter on every Active Record function that trys to auto escape data would fix a lot of SQL escaping problems???? $this->db->order_by($orderby,true); /** * Sets the ORDER BY value * * @access public * @param string * @param string direction: asc or desc * @return object */ function order_by($orderby, $direction = ‘’) { if ($direction === true) { // doesn’t handle CI “caching” $this->ar_orderby[] = $orderby; return $this; } order by incorrect escaping - El Forum - 09-11-2013 [eluser]hyperfire[/eluser] Just leaving this here for future reference: // set this to false so that _protect_identifiers skips escaping: $this->db->_protect_identifiers = FALSE; // your order_by line: $this -> db -> order_by('FIELD ( products.country_id, 2, 0, 1 )'); // important to set this back to TRUE or ALL of your queries from now on will be non-escaped: $this->db->_protect_identifiers = TRUE; order by incorrect escaping - El Forum - 09-06-2014 [eluser]tolinho[/eluser] @hyperfire Big thanks!! Solved my problem with you suggestion |