Database class not escaping reserved words in action queries
#1

mattalexx
The database class isn't escaping reserved words in insert or update statements.

To recreate, run this SQL in MySQL:
Code:
CREATE TABLE test (
`key` CHAR(3)
);
Then run this from a controller:
Code:
$this->db->insert('test', array('key' => 'foo'));
You should get this error:
Code:
A Database Error Occurred

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key) VALUES ('foo')' at line 1

INSERT INTO test (key) VALUES ('foo')
It's the same with UPDATE:
Code:
$this->db->update('test', array('key' => 'foo'));
Code:
A Database Error Occurred

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key = 'foo'' at line 1

UPDATE test SET key = 'foo'
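
Added illustration (not part of the original post and not CodeIgniter's own code): one way a query builder can quote MySQL identifiers so that a reserved word such as `key` is accepted in INSERT and UPDATE statements. The function names `quote_identifier`, `build_insert` and `build_update` are hypothetical, and treating `.` as a qualifier separator is an assumption.

```php
<?php
// Added example; function names are hypothetical, not the framework's API.

// Quote a MySQL identifier: wrap each part in backticks and double any
// embedded backtick so the name cannot terminate the quoting early.
// Assumption: '.' separates qualifiers (db.table.column).
function quote_identifier(string $name): string
{
    $quoted = [];
    foreach (explode('.', $name) as $part) {
        if ($part === '' || strpos($part, "\0") !== false) {
            throw new InvalidArgumentException('invalid identifier: ' . $name);
        }
        $quoted[] = '`' . str_replace('`', '``', $part) . '`';
    }
    return implode('.', $quoted);
}

// Build an INSERT with quoted column names and placeholders for the values.
function build_insert(string $table, array $row): array
{
    if ($row === []) {
        throw new InvalidArgumentException('no columns given');
    }
    $cols = array_map('quote_identifier', array_map('strval', array_keys($row)));
    $marks = array_fill(0, count($row), '?');
    $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
        quote_identifier($table), implode(', ', $cols), implode(', ', $marks));
    return [$sql, array_values($row)];
}

// Build an UPDATE the same way; a WHERE clause is left out, as in the post.
function build_update(string $table, array $row): array
{
    if ($row === []) {
        throw new InvalidArgumentException('no columns given');
    }
    $sets = [];
    foreach (array_keys($row) as $col) {
        $sets[] = quote_identifier((string) $col) . ' = ?';
    }
    $sql = sprintf('UPDATE %s SET %s', quote_identifier($table), implode(', ', $sets));
    return [$sql, array_values($row)];
}

// The failing case from the post: a column named with a reserved word.
foreach ([build_insert('test', ['key' => 'foo']), build_update('test', ['key' => 'foo'])] as [$sql, $params]) {
    echo $sql, '  params=', json_encode($params), PHP_EOL;
}
```

The values are returned separately so they can be bound as parameters; only identifiers are quoted into the SQL text.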


Messages In This Thread
Database class not escaping reserved words in action queries - by El Forum - 12-08-2008, 04:18 AM


