SQL query prefix bug - CodeIgniter Forums (https://forum.codeigniter.com), Archived Development & Programming, thread /showthread.php?tid=8741
SQL query prefix bug - El Forum - 05-29-2008

Rvnikita:

Hi. We have:

Code:
$this->load->database();

After we execute it, we get:

Quote:
Error Number: 1054

The problem is that rt_order_type must be order_type. After spending a lot of time with a hand debugger and SVN (2 days ago I upgraded from 1.5.4 to 1.6.2) for reverting to previous versions, I found that if in mysql_drive.php we delete this code

Code:
if (strpos($item, '.') !== FALSE)

There is no code like this in 1.5.4, but in 1.6.2 there is. As I understand, there are some problems with these lines. What must we do? .)

Thanks

P.S. As I understand, the problem may be because of dots in "price < 2.8", for example.

SQL query prefix bug - El Forum - 05-29-2008

Pascal Kriete:

Don't know if this applies in your case, but you can stop the protecting by adding false as a third argument.

Code:
$this->db->where($where, NULL, FALSE);

SQL query prefix bug - El Forum - 05-29-2008

Rvnikita:

The problem is that I don't want to stop protection .)

SQL query prefix bug - El Forum - 05-29-2008

Derek Allard:

To be clear, it won't stop XSS or SQL protection; all that will do is prevent CodeIgniter from throwing `backticks` around your table name.

SQL query prefix bug - El Forum - 05-30-2008

Rvnikita:

Quote (Derek Allard):
To be clear, it won't stop XSS or SQL protection; all that will do is prevent CodeIgniter from throwing `backticks` around your table name.

No problem
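
The hypothesis in the first post's P.S., as an added example that is not CodeIgniter's code or any poster's: `naive_prefix()` is a hypothetical, simplified stand-in for a routine that treats any dot in a WHERE fragment as a `table.column` qualifier, and `careful_prefix()` is a hypothetical alternative that prefixes only tokens with that shape. The `rt_` prefix and the `order_type` column come from the thread; the WHERE strings and the `orders` table are constructed.

```php
<?php
// Added illustration; hypothetical helpers, not CodeIgniter source.
const DB_PREFIX = 'rt_'; // prefix seen in the thread's error (rt_order_type)

// Naive: any dot anywhere in the fragment is taken to mean "table.column",
// so the prefix is glued onto the start of the whole fragment.
function naive_prefix(string $item): string
{
    if (strpos($item, '.') !== false) {
        return DB_PREFIX . $item;
    }
    return $item;
}

// Careful: prefix only tokens shaped like identifier.identifier.
// A decimal literal such as 2.8 starts with a digit and never matches.
// Limitation: quoted string values are not parsed, only a token that
// directly follows a quote character is skipped.
function careful_prefix(string $item): string
{
    $out = preg_replace_callback(
        '/(?<![\w.\'"`])([A-Za-z_]\w*)\.([A-Za-z_]\w*)(?![\w.])/',
        function (array $m): string {
            // Leave tables that already carry the prefix untouched.
            $table = strpos($m[1], DB_PREFIX) === 0 ? $m[1] : DB_PREFIX . $m[1];
            return $table . '.' . $m[2];
        },
        $item
    );
    return $out ?? $item; // preg error: fall back to the input unchanged
}

// Constructed sample fragments.
$samples = [
    'order_type = 1 AND price < 2.8', // decimal literal, no table qualifier
    'orders.order_type = 1',          // genuine table.column
    'order_type = 1',                 // no dot at all
];

foreach ($samples as $where) {
    printf("%-32s naive: %-36s careful: %s\n",
        $where, naive_prefix($where), careful_prefix($where));
}
```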