[eluser]Unknown[/eluser]
The db-> where_in function has a major gotcha in it.
If NULL is passed as values to the function, it is possible for the overall db query to return all of the items in the table, rather than the expected none.
Example
$this->db->from('geotargets');
$this->db->where_in('offer_id', $offer_ids);
If $offer_ids is not NULL, the query executes as something like this:
SELECT * FROM (`geotargets`) WHERE `offer_id` IN ('5', '18', '20', '8', '7', '11')
However, if $offer_ids is NULL, I would expect the query to return NULL, or an empty set, as there are no "in" parameters to evaluate. But because _where_in simply "return"s if $offer_ids is NULL, the query that gets executed is:
SELECT * FROM (`geotargets`)
I know I can check for a NULL $offer_ids before I execute the query, it just seems very dangerous for the where_in to simply "return" if the value is NULL, rather than doing something like:
if($values === NULL)
{
/* general idea, append a WHERE $key IN (NULL) to the query so the query returns nothing, rather than everything */
$query .= 'WHERE $key IN (NULL)';
}
which would return an empty set.