From bdd9c118c6e04ec8dc9b6bb1a2fb8a39214dca72 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 6 Nov 2012 12:07:16 +0200 Subject: [PATCH] Add an optional escape parameter to insert() and insert_batch() "Fixes" #1895 --- system/database/DB_query_builder.php | 14 ++++++++------ user_guide_src/source/changelog.rst | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 41b30aec326..a3ba77360e5 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1403,13 +1403,14 @@ public function get_where($table = '', $where = NULL, $limit = NULL, $offset = N * * @param string $table Table to insert into * @param array $set An associative array of insert values + * @param bool $escape Whether to escape values and identifiers * @return int Number of rows inserted or FALSE on failure */ - public function insert_batch($table = '', $set = NULL) + public function insert_batch($table = '', $set = NULL, $escape = NULL) { if ( ! is_null($set)) { - $this->set_insert_batch($set); + $this->set_insert_batch($set, '', $escape); } if (count($this->qb_set) === 0) @@ -1432,7 +1433,7 @@ public function insert_batch($table = '', $set = NULL) $affected_rows = 0; for ($i = 0, $total = count($this->qb_set); $i < $total; $i += 100) { - $this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, 100))); + $this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, $escape, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, 100))); $affected_rows += $this->affected_rows(); } @@ -1558,13 +1559,14 @@ public function get_compiled_insert($table = '', $reset = TRUE) * * @param string the table to insert data into * @param array an associative array of insert values + * @param bool $escape Whether to escape values and identifiers * @return object */ - public function insert($table = '', $set = NULL) + public function insert($table = '', $set = NULL, $escape = NULL) { if ( ! is_null($set)) { - $this->set($set); + $this->set($set, '', $escape); } if ($this->_validate_insert($table) === FALSE) @@ -1574,7 +1576,7 @@ public function insert($table = '', $set = NULL) $sql = $this->_insert( $this->protect_identifiers( - $this->qb_from[0], TRUE, NULL, FALSE + $this->qb_from[0], TRUE, $escape, FALSE ), array_keys($this->qb_set), array_values($this->qb_set) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 2cd0d7978c2..570aef57ade 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -113,7 +113,7 @@ Release Date: Not Released - Renamed the Active Record class to Query Builder to remove confusion with the Active Record design pattern. - Added the ability to insert objects with ``insert_batch()``. - Added new methods that return the SQL string of queries without executing them: ``get_compiled_select()``, ``get_compiled_insert()``, ``get_compiled_update()``, ``get_compiled_delete()``. - - Added an optional parameter that allows to disable escaping (useful for custom fields) for methods ``join()``, ``order_by()``, ``where_in()``, ``or_where_in()``, ``where_not_in()``, ``or_where_not_in()``. + - Added an optional parameter that allows to disable escaping (useful for custom fields) for methods ``join()``, ``order_by()``, ``where_in()``, ``or_where_in()``, ``where_not_in()``, ``or_where_not_in()``, ``insert()``, ``insert_batch()``. - Added support for ``join()`` with multiple conditions. - Added support for *USING* in ``join()``. - Changed ``limit()`` to ignore NULL values instead of always casting to integer.