• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
$this->dbutil->backup() does not protect table names

#1
[eluser]davidbehler[/eluser]
I have a table called 'group' and using
Code:
$this->dbutil->backup()
I get an SQL error:
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group' at line 1

SELECT * FROM group

That's caused by not protecting the table name using backticks as 'group' is a reserved name in SQL.

For now I will have to create my own backup function that does not have this flaw, but I hope this will be fixed soon and I can use the CI function againg Smile

#2
[eluser]davidbehler[/eluser]
This can be easily achieved by adding this on line 98 in database/drivers/mysql/mysql_utility.php
Code:
$table = $this->db->protect_identifiers($table);

#3
[eluser]verynewtothis[/eluser]
Thanks waldmeister!
Big help Smile


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.