Bug Report

escape DB functions in `` for Activ record mode
Date:	02/06/2008	Severity:	Critical
Status:	Bogus	Reporter:	PitBult
Version:	1.6.1 beta
Keywords:	Libraries, Database Class

Description

Escape “INTERVAL minutes MINUTE” in ``

Error string SQL-code:

SELECT *,
DATE_FORMAT(DATE_ADD(`datetime`, `INTERVAL` minutes `MINUTE`), “%d.%m.%Y [%H:%i]") AS datetime_end,
UNIX_TIMESTAMP(DATE_ADD(`datetime`, `INTERVAL` minutes `MINUTE`))-UNIX_TIMESTAMP(NOW()) AS last
FROM `ban` LIMIT 1

Code Sample

$this->db->select('*, DATE_FORMAT(DATE_ADD(datetime,INTERVAL minutes MINUTE),"%d.%m.%Y [%H:%i]") AS datetime_end, UNIX_TIMESTAMP(DATE_ADD(datetime,INTERVAL minutes MINUTE))-UNIX_TIMESTAMP(NOW()) AS last');
        
$this->db->from('ban');
$this->db->limit(1);
$query = $this->db->get();
$row = $query->row_array();

Expected Result

Actual Result

SELECT *,
DATE_FORMAT(DATE_ADD(`datetime`, INTERVAL minutes MINUTE), “%d.%m.%Y [%H:%i]") AS datetime_end,
UNIX_TIMESTAMP(DATE_ADD(`datetime`, INTERVAL minutes MINUTE))-UNIX_TIMESTAMP(NOW()) AS last
FROM `ban` LIMIT 1

Comment on Bug Report

Page 1 of 1 pages

Posted by: Derek Jones on 6 February 2008 11:16am

I believe you have your “expected” and “actual” switched around, no? In any case, you need to use the optional second argument for select() (from the User Guide):

$this->Db->select() accepts an optional second parameter. If you set it to FALSE, CodeIgniter will not try to protect your field or table names with backticks. This is useful if you need a compound select statement.

$this->db->select('(SELECT SUM(payments.amount) FROM payments WHERE payments.invoice_id=4') AS amount_paid', FALSE); $query = $this->db->get('mytable');