DB Active Record. Protect identifier problem
#1

[eluser]Mikhail Menshinskiy[/eluser]
Hi, all.

If I set the $escape flag to FALSE in select(), it is applied to all subsequent queries. Example:
Code:
$this->db->select('id')->from('test')->get();
//Produces: SELECT `id` FROM (`test`)
Code:
$this->db->select('id',FALSE)->from('test')->get();
//Produces: SELECT id FROM (test)
Code:
$this->db->select('id')->from('test')->get();
//Produces: SELECT id FROM (test); tables and fields are not protected with backticks
So previous queries affect the next queries. I think it's not correct. I resolved this problem by adding
Code:
$this->_protect_identifiers = TRUE;
to CI_DB_active_record->_reset_run() as the last line, i.e. I set $this->_protect_identifiers to its default value after a query. I tried to extend the CI_DB_active_record library, but I can't do this.
What do you think about this? Bug or not?
#2

[eluser]fivefinger-bd[/eluser]
I think you are calling these three queries in the same controller.

And when you call it like this

Code:
$this->db->select('id',FALSE)->from('test')->get();

then _protect_identifiers is set to false for that instance.

It should work

Code:
$this->db->select('id', TRUE)->from('test')->get();

after calling

Code:
$this->db->select('id',FALSE)->from('test')->get();
//Produces: SELECT id FROM (test)
#3

[eluser]Mikhail Menshinskiy[/eluser]
OK.

For example, I created a helper which used Active Record with an unescaped query
Code:
$CI->db->select('id',FALSE)

After that, I loaded this helper in an already created controller to add a new feature, and this helper broke my queries because I didn't use
Code:
$CI->db->select('id',TRUE)
in it, but used
Code:
$CI->db->select('id')
(by default CI escapes my fields and tables)

I think it's wrong for the Active_record class.

So I added a line to the _reset_run() method in the Active_record class:
Code:
$this->_protect_identifiers = TRUE;
This line resets the _protect_identifiers flag to its default after each query.

Now I don't need to remember where I used escaped and not escaped queries.
What do you think?
#4

[eluser]fivefinger-bd[/eluser]
Then you may add this to the support forum. They'll fix this in the next version.
#5

[eluser]SneakyDave[/eluser]
I've seen this too in a recent app.

I have a general SELECT statement in which I turn off the automatic back ticks...
Code:
$this->CI->db->select('SQL_CALC_FOUND_ROWS `posts`.`id`, `posts`.`userid`', FALSE);

Once I do that, the protect_identifier function seems to be turned off.
Code:
$this->db->select(array(
        $this->tables['users'].'.*',
        $this->tables['groups'].'.name AS '. $this->db->protect_identifiers('group')
));

That gives me an SQL error because there aren't any back ticks.

If I add the back ticks to the first query:
Code:
$this->CI->db->select('SQL_CALC_FOUND_ROWS `posts`.`id`, `posts`.`userid`', TRUE);
Then the second query doesn't return an error, so it appears that the $this->db->protect_identifiers function can't be trusted if automatic back ticking is turned off.
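
The behaviour reported in this thread, next to the reset proposed in post #1, as an added example that is not part of any post and is not CodeIgniter's own code. ToyActiveRecord is a hypothetical, simplified stand-in; it assumes only what the posts describe: the second argument of select() is stored on the shared object, and the per-query reset decides whether it carries over.

```php
<?php
// Hypothetical, simplified stand-in for the query builder (not CodeIgniter source).
// $resetFlag = false models the reported behaviour, true models the proposed fix.
class ToyActiveRecord
{
    private $protect = true;      // plays the role of $_protect_identifiers
    private $fields = array();
    private $table = '';
    private $resetFlag;

    public function __construct($resetFlag) { $this->resetFlag = $resetFlag; }

    public function select($fields, $escape = null)
    {
        if (is_bool($escape)) {
            $this->protect = $escape;   // stored on the object, not scoped to this call
        }
        $this->fields = array_map('trim', explode(',', $fields));
        return $this;
    }

    public function from($table) { $this->table = $table; return $this; }

    public function get()
    {
        $cols = array();
        foreach ($this->fields as $f) { $cols[] = $this->quote($f); }
        $sql = 'SELECT ' . implode(', ', $cols) . ' FROM (' . $this->quote($this->table) . ')';
        $this->resetRun();
        return $sql;
    }

    private function quote($name)
    {
        return $this->protect ? '`' . $name . '`' : $name;
    }

    private function resetRun()
    {
        $this->fields = array(); $this->table = '';
        if ($this->resetFlag) { $this->protect = true; }   // the one-line reset from post #1
    }
}

foreach (array(false, true) as $fixed) {
    $db = new ToyActiveRecord($fixed);   // one shared instance, like $this->db
    echo $fixed ? "with reset in resetRun():\n" : "without reset:\n";
    echo '  ', $db->select('id')->from('test')->get(), "\n";
    echo '  ', $db->select('id', false)->from('test')->get(), "\n";
    echo '  ', $db->select('id')->from('test')->get(), "\n";   // compare this line in both runs
}
```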