summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-05-25 00:01:06 +0200
committerAndrey Andreev <narf@bofh.bg>2012-05-25 00:01:06 +0200
commit21cb2d32edd595a38189cdba137e694c3a22e1f0 (patch)
treed66a2f38e25f7b0a830d1b7d0fe9d842c50608a5
parentd06acd85cdfff5411474b46afee36fb77baa1200 (diff)
Fix issue #136 (MySQL escape_like_str())
-rw-r--r--system/database/drivers/mysql/mysql_driver.php6
-rw-r--r--system/database/drivers/mysqli/mysqli_driver.php6
-rw-r--r--user_guide_src/source/changelog.rst2
3 files changed, 9 insertions, 5 deletions
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 161f99541..d801a9aaf 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -47,7 +47,7 @@ class CI_DB_mysql_driver extends CI_DB {
// clause and character used for LIKE escape sequences - not used in MySQL
protected $_like_escape_str = '';
- protected $_like_escape_chr = '';
+ protected $_like_escape_chr = '\\';
/**
* The syntax to count rows is slightly different across different
@@ -291,7 +291,9 @@ class CI_DB_mysql_driver extends CI_DB {
// escape LIKE condition wildcards
if ($like === TRUE)
{
- return str_replace(array('%', '_'), array('\\%', '\\_'), $str);
+ return str_replace(array($this->_like_escape_chr, '%', '_'),
+ array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
+ $str);
}
return $str;
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 9261883f5..61761e0c6 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -47,7 +47,7 @@ class CI_DB_mysqli_driver extends CI_DB {
// clause and character used for LIKE escape sequences - not used in MySQL
protected $_like_escape_str = '';
- protected $_like_escape_chr = '';
+ protected $_like_escape_chr = '\\';
/**
* The syntax to count rows is slightly different across different
@@ -291,7 +291,9 @@ class CI_DB_mysqli_driver extends CI_DB {
// escape LIKE condition wildcards
if ($like === TRUE)
{
- return str_replace(array('%', '_'), array('\\%', '\\_'), $str);
+ return str_replace(array($this->_like_escape_chr, '%', '_'),
+ array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
+ $str);
}
return $str;
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 5407fb05e..4b8a0f2d3 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -195,7 +195,7 @@ Bug fixes for 3.0
- Fixed a bug in the :doc:`Session Library <libraries/sessions>` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right.
- Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library <libraries/form_validation>`.
- Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid.
-- Fixed a bug in PostgreSQL's escape_str() where it didn't properly escape LIKE wild characters.
+- Fixed a bug (#136) - PostgreSQL, MySQL and MySQLi's escape_str() method didn't properly escape LIKE wild characters.
- Fixed a bug in the library loader where some PHP versions wouldn't execute the class constructor.
- Fixed a bug (#88) - An unexisting property was used for configuration of the Memcache cache driver.
- Fixed a bug (#14) - create_database() method in the :doc:`Database Forge Library <database/forge>` didn't utilize the configured database character set.