Fixed Bug #1388106: using the IN operator when selecting data

Fix IN/NOT IN to accept text input lists 'a','b'.
Escaping of the input value is not done when you use IN, it's expected that you complete that.

diff --git a/HISTORY b/HISTORY
index 7ad6afffd03fd1666db338c43ba9f6c47625874e..cfcfc025451d85dda2c44e463434dd9e58ffd0e2 100644 (file)
--- a/HISTORY
+++ b/HISTORY
@@ -7,6 +7,7 @@ Version 4.2
 Bugs
 * Can't edit a report and set its comment to empty
 * Fix PHP5 Strict mode complaints 
+* Fix IN/NOT IN to accept text input lists 'a','b'
 
 Translations
 * utf traditional chinese (Kuo Chaoyi)

diff --git a/classes/database/Postgres.php b/classes/database/Postgres.php
index 7cbf1d24cc75823384b16926526861bb296861ce..13bd5ed8a744a04bc47614cd2af87fd56883e65a 100755 (executable)
--- a/classes/database/Postgres.php
+++ b/classes/database/Postgres.php
@@ -4,7 +4,7 @@
  * A class that implements the DB interface for Postgres
  * Note: This class uses ADODB and returns RecordSets.
  *
- * $Id: Postgres.php,v 1.296 2007/04/01 16:02:07 xzilla Exp $
+ * $Id: Postgres.php,v 1.297 2007/04/05 11:30:03 mr-russ Exp $
  */
 
 // @@@ THOUGHT: What about inherits? ie. use of ONLY???
@@ -3999,7 +3999,6 @@ class Postgres extends ADODB_base {
                        foreach ($values as $k => $v) {
                                if ($v != '' || $this->selectOps[$ops[$k]] == 'p') {
                                        $this->fieldClean($k);
-                                       $this->clean($v);
                                        if ($first) {
                                                $sql .= " WHERE ";
                                                $first = false;
@@ -4009,6 +4008,10 @@ class Postgres extends ADODB_base {
                                        // Different query format depending on operator type
                                        switch ($this->selectOps[$ops[$k]]) {
                                                case 'i':
+                                                       // Only clean the field for the inline case
+                                                       // this is because (x), subqueries need to
+                                                       // to allow 'a','b' as input.
+                                                       $this->clean($v);
                                                        $sql .= "\"{$k}\" {$ops[$k]} '{$v}'";
                                                        break;
                                                case 'p':