$this->db->escape() - Fix.

[eluser]cmgmyr[/eluser]
Glad I came across this post, I needed this. Thanks! I've updated the update_string function for this too in case anyone needed it.

Code:

function update_string($table, $data, $where)
    {
        if ($where == '')
        {
            return false;
        }
                    
        $fields = array();
        foreach($data as $key => $val)
        {
            if (is_numeric($key) === false && stristr($val,'NOW()') === false && stristr($val,$key) === false) {
                $fields[$key] = $this->escape($val);
            } else {
                $fields[$key] = $val;
            }
        }

        if ( ! is_array($where))
        {
            $dest = array($where);
        }
        else
        {
            $dest = array();
            foreach ($where as $key => $val)
            {
                $prefix = (count($dest) == 0) ? '' : ' AND ';
    
                if ($val !== '')
                {
                    if ( ! $this->_has_operator($key))
                    {
                        $key .= ' =';
                    }
                
                    $val = ' '.$this->escape($val);
                }
                            
                $dest[] = $prefix.$key.$val;
            }
        }        

        return $this->_update($this->prep_tablename($table), $fields, $dest);
    }