[eluser]BlueCamel[/eluser]
In CI 1.6.1 I ran into having() not quoting properly. I looked at the function _having() and noticed it was using escape_str() instead of escape() like function _where(). Chaning this solved my situation.
Simple test case:
$this->db->having('field', 'show stats -c')
Code:
--- DB_active_rec.php.orig 2008-04-16 21:59:16.000000000 -0400
+++ DB_active_rec.php 2008-04-16 21:59:24.000000000 -0400
@@ -824,7 +824,7 @@
if ($v != '')
{
- $v = ' '.$this->escape_str($v);
+ $v = ' '.$this->escape($v);
}
$this->ar_having[] = $prefix.$k.$v;