Welcome Guest, Not a member yet? Register   Sign In
Miss handling of the Star ( * ) char in DB_driver
#1

[eluser]Xeoncross[/eluser]
CodeIgniter 1.7.0 doesn't seem to be handling '*' right. I see it is still defined in the DB_driver file - but it is ignoring it.

Code:
var $_reserved_identifiers    = array('*'); // Identifiers that should NOT be escaped

I get the following error
Code:
Unknown column 'ci_topics.*' in 'field list'

SELECT `ci_topics`.`*`, `ci_users`.`email`, `ci_users`.`username` FROM.........

As you can see - it is not skipping the star char when it adds the back ticks. When I remove the ticks around the star and run the query in PHPMyAdmin it works fine.

Code:
SELECT `ci_topics`.*, `ci_users`.`email`, `ci_users`.`username` FROM.........
#2

[eluser]Xeoncross[/eluser]
Ok, in line 438 of mysql_driver you need to change the following

Code:
if (strpos($item, '.') !== FALSE)
        {
            $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;            
        }
        else
        {
            $str = $this->_escape_char.$item.$this->_escape_char;
        }
into:
Code:
if (strpos($item, '.*') !== FALSE)
        {
            $str = $this->_escape_char. str_replace('.', $this->_escape_char.'.', $item);            
                
        }
        else if (strpos($item, '.') !== FALSE)
        {
            $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;            
        }
        else
        {
            $str = $this->_escape_char.$item.$this->_escape_char;
        }

Because there is no checking done here for some reason...
#3

[eluser]noonereally[/eluser]
Thanks for the fix Smile I was ready to rewrite my db calls Smile
#4

[eluser]mrtopher[/eluser]
Nice catch!! This one had me scratching my head.
#5

[eluser]Rick Ellis[/eluser]
Thanks, we'll get this squared away today.
#6

[eluser]Xeoncross[/eluser]
Let me know when you do as I'll get those updated files from SVN.

Also, my fix only helps with * chars - it should really be re-written to work with all elements from $_reserved_identifiers
#7

[eluser]Rick Ellis[/eluser]
OK, I think we have a solution in place, at least for now. I think we're going to have to revisit this issue more generally at some point.
#8

[eluser]jstrebel[/eluser]
at revision 1566 and this issue seems to still be there.. field.* is dicey.
#9

[eluser]dmyers[/eluser]
Downloaded a new SVN copy still seems to be in there?

applied patch
#10

[eluser]dmyers[/eluser]
-- deleted --




Theme © iAndrew 2016 - Forum software by © MyBB