Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Active Record breaking subqueries within JOINs - needs optional field/table protection #590

Closed
RS71 opened this Issue Oct 18, 2011 · 4 comments

Comments

Projects
None yet
3 participants
Contributor

RS71 commented Oct 18, 2011

I'm currently trying to run a subquery within a JOIN but $this->db->join() keeps breaking the query - it seems it is trying to protect field/table names. It ends up adding backticks to SELECTs in the subquery. It'd be nice if AR would support subqueries or if I could tell it to not protect fields by passing an additional parameter.

Contributor

RS71 commented Oct 18, 2011

In this query for example, AR adds back ticks to the SELECT present within the join - which of course breaks the query

SELECT 
    p.*
  , i.thumbnail
FROM 
    products AS p
  LEFT JOIN
    images AS i
      ON i.image_id =
         ( SELECT image_id
           FROM products_images AS pi
           WHERE pi.product_id = p.product_id
           ORDER BY `order` ASC                      --- or DESC
           LIMIT 1
         )
Contributor

RS71 commented Oct 19, 2011

I'm not too familiar with github -- could someone please make a request to include a fourth parameter that skips the _protect_identifiers() of $cond? Link to lines That way, I believe, we could do a bit more complex joins while still enjoying the benefits of AR.

uzsolt commented Oct 24, 2011

Similar bug report here: EllisLab#610

Contributor

narfbg commented Jun 11, 2012

@narfbg narfbg closed this Jun 11, 2012

@baypup baypup pushed a commit to baypup/CodeIgniter that referenced this issue Aug 20, 2015

@benedmunds benedmunds Merge pull request #590 from Patroklo/2
Possible security problem
e7f25c5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment