• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
DB prefix is placed in the wrong place when using MySQL function in SELECT clause

#1
[eluser]mattalexx[/eluser]
To recreate, create this table:
Code:
CREATE TABLE IF NOT EXISTS `site_table1` (
foo VARCHAR(255)
)
No need to put anything in because we aren't going to be able to get anything out. Connect to a database and run this code:
Code:
$this->db->dbprefix = 'site_';
$this->db->select('IF(table1.foo, TRUE, FALSE) AS foo_true');
$this->db->from('table1');
$query = $this->db->get();
I get this error:
Code:
A Database Error Occurred
Error Number: 1305
FUNCTION roses-to-you.site_IF does not exist
SELECT site_IF(table1.foo, TRUE, FALSE) AS foo_true FROM (site_table1)

#2
[eluser]mattalexx[/eluser]
Here's my hack (I'll extend the db class for this later, but right now, I'm hacking the core). Before:
Code:
// ci/database/DB_driver.php, line 1240:
if ($this->dbprefix != '')
Code:
if ($this->dbprefix != '' && preg_match('/^[a-z!]+\(/i', $parts[0]) !== 1)
Now, everything works if I use CI_DB_active_record::dbprefix() to escape everything.

EDIT: I put a shriek in the regex so that "!ISNULL(..." is supported as well as "ISNULL(...".


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.