+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Active Record and Protect Identifiers (/showthread.php?tid=33812)
Active Record and Protect Identifiers - El Forum - 09-09-2010
[eluser]davetao[/eluser]
Hello guys,
My team and I have come across this very peculiar problem related to escaped query parameters
Here is the test case;
$this->db->select('mytitle', FALSE)->get('mytable');
$this->db->select('order')->get('mytable');
# creates the error because 'order' is not escaped automatically.
Looking at the active record code, i have found this...
function select($select = '*', $escape = NULL)
{
// Set the global value if this was sepecified
if (is_bool($escape))
{
$this->_protect_identifiers = $escape;
}
...
My question is this, is this feature a part of the codeigniter design or is it a bug because our assumption as developers, setting the $escape = FALSE should only run for that query, rather than for the entire page request.
Our solution was to RESET the protect_identifiers = TRUE after each query
Active Record and Protect Identifiers - El Forum - 09-12-2012
[eluser]Reneesh T K[/eluser]
I now faced the same issue and solved it by adding two lines on code to the select function.
You can see it at the following url:
http://myphplibrary.blogspot.in/2012/09/protect-table-and-field-names-with.html