From 822237893a09eae67a679ae94ccc1df874f9f1fa Mon Sep 17 00:00:00 2001
From: mr-russ
Date: Thu, 5 Apr 2007 11:30:03 +0000
Subject: [PATCH] Fixed Bug #1388106: using the IN operator when selecting data Fix IN/NOT IN to accept text input lists 'a','b'. Escaping of the input value is not done when you use IN, it's expected that you complete that.
---
 HISTORY | 1 +
 classes/database/Postgres.php | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/HISTORY b/HISTORY
index 7ad6afff..cfcfc025 100644
--- a/HISTORY
+++ b/HISTORY
@@ -7,6 +7,7 @@ Version 4.2
 Bugs
 * Can't edit a report and set its comment to empty
 * Fix PHP5 Strict mode complaints
+* Fix IN/NOT IN to accept text input lists 'a','b'

 Translations
 * utf traditional chinese (Kuo Chaoyi)
diff --git a/classes/database/Postgres.php b/classes/database/Postgres.php
index 7cbf1d24..13bd5ed8 100755
--- a/classes/database/Postgres.php
+++ b/classes/database/Postgres.php
@@ -4,7 +4,7 @@
 * A class that implements the DB interface for Postgres
 * Note: This class uses ADODB and returns RecordSets.
 *
- * $Id: Postgres.php,v 1.296 2007/04/01 16:02:07 xzilla Exp $
+ * $Id: Postgres.php,v 1.297 2007/04/05 11:30:03 mr-russ Exp $
 */

 // @@@ THOUGHT: What about inherits? ie. use of ONLY???
@@ -3999,7 +3999,6 @@ class Postgres extends ADODB_base {
 foreach ($values as $k => $v) {
 if ($v != '' || $this->selectOps[$ops[$k]] == 'p') {
 $this->fieldClean($k);
- $this->clean($v);
 if ($first) {
 $sql .= " WHERE ";
 $first = false;
@@ -4009,6 +4008,10 @@ class Postgres extends ADODB_base {
 // Different query format depending on operator type
 switch ($this->selectOps[$ops[$k]]) {
 case 'i':
+ // Only clean the field for the inline case
+ // this is because (x), subqueries need to
+ // to allow 'a','b' as input.
+ $this->clean($v);
 $sql .= "\"{$k}\" {$ops[$k]} '{$v}'";
 break;
 case 'p':
--
2.39.5
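Review bot: With `$this->clean($v)` now called only under `case 'i':` (and removed from the loop head in the previous hunk), any other branch of this switch that interpolates `$v` receives the raw form value, so it is concatenated into the WHERE clause unescaped. Those branches lie outside the hunk, so which of them use `$v` cannot be confirmed from here, but the new comment names the `(x)` and subquery formats and the commit message states that escaping is left to the person entering the value. For the list format it would be safer to split the input into its elements and pass each one through `clean()` before rejoining them, rather than trusting the whole string. Until that is done, the comment should state the consequence plainly, e.g. `// NOTE: for list/subquery operators $v is NOT escaped and reaches the SQL text verbatim`. The added comment also says "clean the field" where the value is meant, and has a doubled "to" across its second and third lines.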