Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming ActiveRecord set and update not escaping
ActiveRecord set and update not escaping
  • El Forum
    Guest
  •  
#1
03-25-2009, 03:32 PM

[eluser]phazei[/eluser]
I'm using CI1.7.1 and both
$data = array(.....)
->set($data) and ->update('table',$data)
do not escape the col names with backticks.

Is this just me or has anyone else noticed this?

I noticed because I have a new table with a column named `limit`
  • El Forum
    Guest
  •  
#2
03-26-2009, 12:11 PM

[eluser]Nabeel[/eluser]
I'm seeing the backticks, but not the single-quotes around values
  • El Forum
    Guest
  •  
#3
03-26-2009, 12:21 PM

[eluser]Nabeel[/eluser]
This was odd, the values were not encapsulated with single quotes; I don't know if this was as designed, but didn't make much sense to me. I changed it to do this, is the $escape parameter is false:

DB_active_req.php, in the function set($key, $value = '', $escape = TRUE), starting line 999.

Code:
foreach ($key as $k => $v)
{
    if ($escape === FALSE)
    {
        $this->ar_set[$this->_protect_identifiers($k)] = $v;
    }
    else
    {
        $this->ar_set[$this->_protect_identifiers($k)] = '\''.$this->escape($v).'\'';
    }
}

Adding single quotes around the escaped value.




Theme © iAndrew 2016 - Forum software by © MyBB