Add an optional escape parameter to insert() and insert_batch()

"Fixes" bcit-ci#1895
nonchip · Nov 6, 2012 · d1e13c7 · d1e13c7
1 parent 4182901
commit d1e13c7
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
@@ -1403,13 +1403,14 @@ public function get_where($table = '', $where = NULL, $limit = NULL, $offset = N
 	 *
 	 * @param	string	$table	Table to insert into
 	 * @param	array	$set 	An associative array of insert values
+	 * @param	bool	$escape	Whether to escape values and identifiers
 	 * @return	int	Number of rows inserted or FALSE on failure
 	 */
-	public function insert_batch($table = '', $set = NULL)
+	public function insert_batch($table = '', $set = NULL, $escape = NULL)
 	{
 		if ( ! is_null($set))
 		{
-			$this->set_insert_batch($set);
+			$this->set_insert_batch($set, '', $escape);
 		}
 
 		if (count($this->qb_set) === 0)
@@ -1432,7 +1433,7 @@ public function insert_batch($table = '', $set = NULL)
 		$affected_rows = 0;
 		for ($i = 0, $total = count($this->qb_set); $i < $total; $i += 100)
 		{
-			$this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, 100)));
+			$this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, $escape, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, 100)));
 			$affected_rows += $this->affected_rows();
 		}
 
@@ -1558,13 +1559,14 @@ public function get_compiled_insert($table = '', $reset = TRUE)
 	 *
 	 * @param	string	the table to insert data into
 	 * @param	array	an associative array of insert values
+	 * @param	bool	$escape	Whether to escape values and identifiers
 	 * @return	object
 	 */
-	public function insert($table = '', $set = NULL)
+	public function insert($table = '', $set = NULL, $escape = NULL)
 	{
 		if ( ! is_null($set))
 		{
-			$this->set($set);
+			$this->set($set, '', $escape);
 		}
 
 		if ($this->_validate_insert($table) === FALSE)
@@ -1574,7 +1576,7 @@ public function insert($table = '', $set = NULL)
 
 		$sql = $this->_insert(
 			$this->protect_identifiers(
-				$this->qb_from[0], TRUE, NULL, FALSE
+				$this->qb_from[0], TRUE, $escape, FALSE
 			),
 			array_keys($this->qb_set),
 			array_values($this->qb_set)

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
@@ -113,7 +113,7 @@ Release Date: Not Released
 	 - Renamed the Active Record class to Query Builder to remove confusion with the Active Record design pattern.
 	 - Added the ability to insert objects with ``insert_batch()``.
 	 - Added new methods that return the SQL string of queries without executing them: ``get_compiled_select()``, ``get_compiled_insert()``, ``get_compiled_update()``, ``get_compiled_delete()``.
-	 - Added an optional parameter that allows to disable escaping (useful for custom fields) for methods ``join()``, ``order_by()``, ``where_in()``, ``or_where_in()``, ``where_not_in()``, ``or_where_not_in()``.
+	 - Added an optional parameter that allows to disable escaping (useful for custom fields) for methods ``join()``, ``order_by()``, ``where_in()``, ``or_where_in()``, ``where_not_in()``, ``or_where_not_in()``, ``insert()``, ``insert_batch()``.
 	 - Added support for ``join()`` with multiple conditions.
 	 - Added support for *USING* in ``join()``.
 	 - Changed ``limit()`` to ignore NULL values instead of always casting to integer.