$this->db->limit accepts negative number
#1

[eluser]ngkong[/eluser]
if (is_numeric($this->ar_limit))
{
    $sql .= "\n";
    $sql = $this->_limit($sql, $this->ar_limit, $this->ar_offset);
}

A negative number will be passed; however, MySQL doesn't accept a negative for the LIMIT function.

This is bad. I don't think there are many people who sanitized their pagination variables. If db_debug is set to true, visitors are able to see the query just by giving a negative number in the URL: http://example.com/news/all/-1

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1, 20' at line 6

Turning db_debug to false will bring: Call to a member function result()
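
The following is an added example, not part of the original post and not CodeIgniter's own code. It contrasts the `is_numeric()` check quoted above with a stricter validation of a pagination offset before it reaches `$this->db->limit()`. The function names `passes_is_numeric` and `clean_offset`, the default cap and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not CodeIgniter code. Function names are hypothetical.

// The check from the quoted snippet: is_numeric() also accepts signed,
// decimal and exponent strings, so "-1" passes.
function passes_is_numeric($raw): bool
{
    return is_numeric($raw);
}

// Stricter check for a pagination offset taken from a URI segment:
// whole number, non-negative, capped. Anything else falls back to 0
// (the first page) instead of reaching the SQL LIMIT clause.
function clean_offset($raw, int $max_offset = 100000): int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => $max_offset],
    ]);
    return $value === false ? 0 : $value;
}

// Constructed sample inputs, as they might arrive in /news/all/<segment>.
$samples = ['20', '-1', '1e3', '2.5', '', 'abc', '999999999'];

foreach ($samples as $raw) {
    printf(
        "%-12s is_numeric=%-5s clean_offset=%d\n",
        var_export($raw, true),
        var_export(passes_is_numeric($raw), true),
        clean_offset($raw)
    );
}

// In a controller the cleaned value would be passed on, for example:
//   $this->db->limit(20, clean_offset($this->uri->segment(3)));
```

Validating the segment in the controller keeps the malformed query from being built at all, so the outcome no longer depends on the db_debug setting.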



