Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Active Record with MSSQL join clause not maintaining field name escapes #1649

lhagemann opened this Issue · 2 comments

3 participants


Using CI v.1.72

$this->db->select('[Key Field], MemberInfo.OtherField');
$this->db->join('MemberInfo', '[Member Number] = Member_Number', 'left');
$this->db->where('[Member Number]  = 573');
$this->db->where('[Incident Date] BETWEEN '. $DateStart . ' AND ' . $DateEnd);

yields the following Query:

SELECT  TOP 10 [Key Field], MemberInfo.OtherField
FROM primaryTable
LEFT JOIN MemberInfo ON Member Number] = Member_Number
WHERE [Member Number] = '573'
AND [Incident Date] BETWEEN 2012-01-01 AND 2012-07-19

Note the Join Clause Field name is not fully escaped in the resulting query.


While version 1.72 is indeed outdated and I should suggest that you upgrade, I don't think that identifiers containing spaces were ever supported.


Issue is also present in v2.1.2

The problem is specific to the JOIN function in DB_active_rec.php (other functions support MSSQL escaped field names correctly.

The patch below will fix the issue:

--- a/CodeIgniter/v2.1.2/database/DB_active_rec.php
+++ b/CodeIgniter/v2.1.2/database/DB_active_rec.php
@@ -328,7 +328,7 @@ class CI_DB_active_record extends CI_DB_driver {

                // Strip apart the condition and protect the identifiers
-               if (preg_match('/([\w\.]+)([\W\s]+)(.+)/', $cond, $match))
+               if (preg_match('/([\[\w\.]+)([\W\s]+)(.+)/', $cond, $match))
                        $match[1] = $this->_protect_identifiers($match[1]);
                        $match[3] = $this->_protect_identifiers($match[3]);
@jim-parry jim-parry added the Bug label
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.