Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Upgrading "system/database" folder breaks my application
Upgrading "system/database" folder breaks my application
  • El Forum
    Guest
  •  
#21
02-17-2009, 06:24 PM

[eluser]TheFuzzy0ne[/eluser]
Can you post a copy of the code for the _compile_select() function in ./system/database/DB_active_rec.php? I'd like to compare it to the newest version.
  • El Forum
    Guest
  •  
#22
02-17-2009, 06:25 PM

[eluser]TheFuzzy0ne[/eluser]
Haha. Yeah, it's escaping the whole select part of the query and not just the identifiers.
  • El Forum
    Guest
  •  
#23
02-17-2009, 06:26 PM

[eluser]KeyStroke[/eluser]
TheFuzzy0ne, here's the code:
Code:
function _compile_select($select_override = FALSE)
    {
        // Combine any cached components with the current statements
        $this->_merge_cache();

        // ----------------------------------------------------------------
        
        // Write the "select" portion of the query

        if ($select_override !== FALSE)
        {
            $sql = $select_override;
        }
        else
        {
            $sql = ( ! $this->ar_distinct) ? 'SELECT ' : 'SELECT DISTINCT ';
        
            if (count($this->ar_select) == 0)
            {
                $sql .= '*';        
            }
            else
            {                
                // Cycle through the "select" portion of the query and prep each column name.
                // The reason we protect identifiers here rather then in the select() function
                // is because until the user calls the from() function we don't know if there are aliases
                foreach ($this->ar_select as $key => $val)
                {
                    $this->ar_select[$key] = $this->_protect_identifiers($val);
                }
                
                $sql .= implode(', ', $this->ar_select);
            }
        }

        // ----------------------------------------------------------------
        
        // Write the "FROM" portion of the query

        if (count($this->ar_from) > 0)
        {
            $sql .= "\nFROM ";

            $sql .= $this->_from_tables($this->ar_from);
        }

        // ----------------------------------------------------------------
        
        // Write the "JOIN" portion of the query

        if (count($this->ar_join) > 0)
        {
            $sql .= "\n";

            $sql .= implode("\n", $this->ar_join);
        }

        // ----------------------------------------------------------------
        
        // Write the "WHERE" portion of the query

        if (count($this->ar_where) > 0 OR count($this->ar_like) > 0)
        {
            $sql .= "\n";

            $sql .= "WHERE ";
        }

        $sql .= implode("\n", $this->ar_where);

        // ----------------------------------------------------------------
        
        // Write the "LIKE" portion of the query
    
        if (count($this->ar_like) > 0)
        {
            if (count($this->ar_where) > 0)
            {
                $sql .= "\nAND ";
            }

            $sql .= implode("\n", $this->ar_like);
        }

        // ----------------------------------------------------------------
        
        // Write the "GROUP BY" portion of the query
    
        if (count($this->ar_groupby) > 0)
        {
            $sql .= "\nGROUP BY ";
            
            $sql .= implode(', ', $this->ar_groupby);
        }

        // ----------------------------------------------------------------
        
        // Write the "HAVING" portion of the query
        
        if (count($this->ar_having) > 0)
        {
            $sql .= "\nHAVING ";
            $sql .= implode("\n", $this->ar_having);
        }

        // ----------------------------------------------------------------
        
        // Write the "ORDER BY" portion of the query

        if (count($this->ar_orderby) > 0)
        {
            $sql .= "\nORDER BY ";
            $sql .= implode(', ', $this->ar_orderby);
            
            if ($this->ar_order !== FALSE)
            {
                $sql .= ($this->ar_order == 'desc') ? ' DESC' : ' ASC';
            }        
        }

        // ----------------------------------------------------------------
        
        // Write the "LIMIT" portion of the query
        
        if (is_numeric($this->ar_limit))
        {
            $sql .= "\n";
            $sql = $this->_limit($sql, $this->ar_limit, $this->ar_offset);
        }

        return $sql;
    }
  • El Forum
    Guest
  •  
#24
02-17-2009, 06:38 PM

[eluser]TheFuzzy0ne[/eluser]
I sit corrected. It's the function named _protect_identifiers() in ./system/database/DB_driver.php that's the problem. It's explodes by the dots, instead of splitting by . and =.

EDIT: Correction, I don't think that's the problem, but the problem is definitely within this function for sure.
  • El Forum
    Guest
  •  
#25
02-17-2009, 06:45 PM

[eluser]TheFuzzy0ne[/eluser]
I've added a line which, in theory, should fix it. I haven't tested it though. It should add a space either side of the "=".
Code:
function _protect_identifiers($item, $prefix_single = FALSE, $protect_identifiers = NULL, $field_exists = TRUE)
{
    if ( ! is_bool($protect_identifiers))
    {
        $protect_identifiers = $this->_protect_identifiers;
    }

    /* This should make it work. */
    strtr($item, array('=' => ' = '));

    // Convert tabs or multiple spaces into single spaces    
    $item = preg_replace('/[\t| ]+/', ' ', $item);

    // If the item has an alias declaration we remove it and set it aside.
    // Basically we remove everything to the right of the first space
    $alias = '';
    if (strpos($item, ' ') !== FALSE)
    {        
        $alias = strstr($item, " ");
        $item = substr($item, 0, - strlen($alias));
    }

    ...




Theme © iAndrew 2016 - Forum software by © MyBB