Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Active Record with MSSQL join clause not maintaining field name escapes #1649

Open
lhagemann opened this Issue · 2 comments

3 participants

@lhagemann

Using CI v.1.72

$this->db->select('[Key Field], MemberInfo.OtherField');
$this->db->limit(10);
$this->db->from('primaryTable');
$this->db->join('MemberInfo', '[Member Number] = Member_Number', 'left');
$this->db->where('[Member Number]  = 573');
$this->db->where('[Incident Date] BETWEEN '. $DateStart . ' AND ' . $DateEnd);

yields the following Query:

SELECT  TOP 10 [Key Field], MemberInfo.OtherField
FROM primaryTable
LEFT JOIN MemberInfo ON Member Number] = Member_Number
WHERE [Member Number] = '573'
AND [Incident Date] BETWEEN 2012-01-01 AND 2012-07-19

Note the Join Clause Field name is not fully escaped in the resulting query.

@narfbg
Owner

While version 1.72 is indeed outdated and I should suggest that you upgrade, I don't think that identifiers containing spaces were ever supported.

@lhagemann

Issue is also present in v2.1.2

The problem is specific to the JOIN function in DB_active_rec.php (other functions support MSSQL escaped field names correctly.

The patch below will fix the issue:

--- a/CodeIgniter/v2.1.2/database/DB_active_rec.php
+++ b/CodeIgniter/v2.1.2/database/DB_active_rec.php
@@ -328,7 +328,7 @@ class CI_DB_active_record extends CI_DB_driver {
                $this->_track_aliases($table);

                // Strip apart the condition and protect the identifiers
-               if (preg_match('/([\w\.]+)([\W\s]+)(.+)/', $cond, $match))
+               if (preg_match('/([\[\w\.]+)([\W\s]+)(.+)/', $cond, $match))
                {
                        $match[1] = $this->_protect_identifiers($match[1]);
                        $match[3] = $this->_protect_identifiers($match[3]);
@jim-parry jim-parry added the Bug label
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.