[eluser]Sergi Ortega [TEAMVALLES][/eluser]
Hello,
I had the same problem two days ago when actualized CI to 1.7.X
DB Class in CI 1.6.X (Active Record) don't escape automatically queries.
Example:
Code:
$this->db->select("*,DATE_FORMAT(created,'%d-%m-%Y %h:%m:%s') as created_format")->from("foo");
This works well in 1.6.X but NOT in 1.7.X !!
The problem is that CI 1.7.X automatically escapes strange chars for preventing SQL Injection such as ( and ' and %.
CI 1.7.X now has a second parameter in SELECT method (ESCAPE OR NOT / TRUE, FALSE), by default TRUE.
So in CI 1.7.X the same query is like this:
Code:
$this->db->select("*,DATE_FORMAT(created,'%d-%m-%Y %h:%m:%s',FALSE) as created_format")->from("foo");
In 1.7.X if you're programming basic queries like:
Code:
$this->db->select("*")->from("foo");
Second parameter (ESCAPE OR NOT) don't to be passed due Select query * don't need to be escaped because haven't any strange injection chars.
Good Luck!
