Fix the Query Builder to escape the correct values.
Currently, when the query builder's where and on functions are given 3 arguments, the first is used as a field reference, the second as a comparison operator, and the third as a value. The last value is sanitized and the query is built.
If the query builder's where and on functions are given 1 argument, the argument is exploded on spaces and then handled the same way as above.
What should happen is that if 3 arguments are given, the last is sanitized and the query is built. If only one is given, the query builder should understand that the developer is using a field-to-field comparison, or is using safe values, and therefore shouldn't sanitize the values.
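A sketch of the behaviour requested above, as an added example that is not the project's code. PHP is assumed from the wording "exploded"; the class `SketchQueryBuilder` and its methods are hypothetical, and the three-argument value is sanitized here by binding it as a parameter rather than by escaping.

```php
<?php
// Hypothetical sketch: names are assumptions, not the project's API.
final class SketchQueryBuilder
{
    private const OPERATORS = ['=', '!=', '<>', '<', '<=', '>', '>=', 'LIKE'];
    private const FIELD = '/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/';

    private $clauses = [];   // SQL fragments joined with AND
    private $bindings = [];  // values sent separately from the SQL text

    public function where(...$args)
    {
        if (count($args) === 3) {
            [$field, $operator, $value] = $args;
            // Field and operator become SQL text, so they are validated, not escaped.
            if (!is_string($field) || !preg_match(self::FIELD, $field)) {
                throw new InvalidArgumentException('Invalid field reference');
            }
            $operator = strtoupper((string) $operator);
            if (!in_array($operator, self::OPERATORS, true)) {
                throw new InvalidArgumentException('Unsupported operator');
            }
            // Only the third argument is data; it never enters the SQL string.
            $this->clauses[] = "$field $operator ?";
            $this->bindings[] = $value;
        } elseif (count($args) === 1 && is_string($args[0])) {
            // Raw form: field-to-field comparison or developer-written safe
            // values. It is not exploded and not sanitized.
            $this->clauses[] = $args[0];
        } else {
            throw new InvalidArgumentException('where() takes 1 or 3 arguments');
        }
        return $this;
    }

    public function build()
    {
        return ['WHERE ' . implode(' AND ', $this->clauses), $this->bindings];
    }
}

// Constructed sample input: one raw clause, one value containing a quote.
[$sql, $params] = (new SketchQueryBuilder())
    ->where('users.id = posts.author_id')
    ->where('users.last_name', '=', "O'Brien")
    ->build();
echo $sql, PHP_EOL, json_encode($params), PHP_EOL;
```

Because the one-argument form is emitted verbatim, it is only suitable for text the developer wrote; anything derived from a request belongs in the three-argument form.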