Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Add an optional escape parameter to insert() and insert_batch()

"Fixes" #1895
  • Loading branch information...
commit bdd9c118c6e04ec8dc9b6bb1a2fb8a39214dca72 1 parent a7ddd2d
@narfbg narfbg authored
View
14 system/database/DB_query_builder.php
@@ -1403,13 +1403,14 @@ public function get_where($table = '', $where = NULL, $limit = NULL, $offset = N
*
* @param string $table Table to insert into
* @param array $set An associative array of insert values
+ * @param bool $escape Whether to escape values and identifiers
* @return int Number of rows inserted or FALSE on failure
*/
- public function insert_batch($table = '', $set = NULL)
+ public function insert_batch($table = '', $set = NULL, $escape = NULL)
{
if ( ! is_null($set))
{
- $this->set_insert_batch($set);
+ $this->set_insert_batch($set, '', $escape);
}
if (count($this->qb_set) === 0)
@@ -1432,7 +1433,7 @@ public function insert_batch($table = '', $set = NULL)
$affected_rows = 0;
for ($i = 0, $total = count($this->qb_set); $i < $total; $i += 100)
{
- $this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, 100)));
+ $this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, $escape, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, 100)));
$affected_rows += $this->affected_rows();
}
@@ -1558,13 +1559,14 @@ public function get_compiled_insert($table = '', $reset = TRUE)
*
* @param string the table to insert data into
* @param array an associative array of insert values
+ * @param bool $escape Whether to escape values and identifiers
* @return object
*/
- public function insert($table = '', $set = NULL)
+ public function insert($table = '', $set = NULL, $escape = NULL)
{
if ( ! is_null($set))
{
- $this->set($set);
+ $this->set($set, '', $escape);
}
if ($this->_validate_insert($table) === FALSE)
@@ -1574,7 +1576,7 @@ public function insert($table = '', $set = NULL)
$sql = $this->_insert(
$this->protect_identifiers(
- $this->qb_from[0], TRUE, NULL, FALSE
+ $this->qb_from[0], TRUE, $escape, FALSE
),
array_keys($this->qb_set),
array_values($this->qb_set)
View
2  user_guide_src/source/changelog.rst
@@ -113,7 +113,7 @@ Release Date: Not Released
- Renamed the Active Record class to Query Builder to remove confusion with the Active Record design pattern.
- Added the ability to insert objects with ``insert_batch()``.
- Added new methods that return the SQL string of queries without executing them: ``get_compiled_select()``, ``get_compiled_insert()``, ``get_compiled_update()``, ``get_compiled_delete()``.
- - Added an optional parameter that allows to disable escaping (useful for custom fields) for methods ``join()``, ``order_by()``, ``where_in()``, ``or_where_in()``, ``where_not_in()``, ``or_where_not_in()``.
+ - Added an optional parameter that allows to disable escaping (useful for custom fields) for methods ``join()``, ``order_by()``, ``where_in()``, ``or_where_in()``, ``where_not_in()``, ``or_where_not_in()``, ``insert()``, ``insert_batch()``.
- Added support for ``join()`` with multiple conditions.
- Added support for *USING* in ``join()``.
- Changed ``limit()`` to ignore NULL values instead of always casting to integer.
Please sign in to comment.
Something went wrong with that request. Please try again.