[eluser]dmyers[/eluser]
What I did in my core file as per my other post.
Add this to the core file DB_active_rec.php around line 885. Then I just add “true” to the function to “not” try to escape the input. Perhaps a final parameter on every Active Record function that trys to auto escape data would fix a lot of SQL escaping problems????
$this->db->order_by($orderby,true);
/**
* Sets the ORDER BY value
*
* @access public
* @param string
* @param string direction: asc or desc
* @return object
*/
function order_by($orderby, $direction = ‘’)
{
if ($direction === true) {
// doesn’t handle CI “caching”
$this->ar_orderby[] = $orderby;
return $this;
}