diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-05-25 00:01:06 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-05-25 00:01:06 +0200 |
commit | 21cb2d32edd595a38189cdba137e694c3a22e1f0 (patch) | |
tree | d66a2f38e25f7b0a830d1b7d0fe9d842c50608a5 | |
parent | d06acd85cdfff5411474b46afee36fb77baa1200 (diff) |
Fix issue #136 (MySQL escape_like_str())
-rw-r--r-- | system/database/drivers/mysql/mysql_driver.php | 6 | ||||
-rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 6 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 2 |
3 files changed, 9 insertions, 5 deletions
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 161f99541..d801a9aaf 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -47,7 +47,7 @@ class CI_DB_mysql_driver extends CI_DB { // clause and character used for LIKE escape sequences - not used in MySQL protected $_like_escape_str = ''; - protected $_like_escape_chr = ''; + protected $_like_escape_chr = '\\'; /** * The syntax to count rows is slightly different across different @@ -291,7 +291,9 @@ class CI_DB_mysql_driver extends CI_DB { // escape LIKE condition wildcards if ($like === TRUE) { - return str_replace(array('%', '_'), array('\\%', '\\_'), $str); + return str_replace(array($this->_like_escape_chr, '%', '_'), + array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), + $str); } return $str; diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 9261883f5..61761e0c6 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -47,7 +47,7 @@ class CI_DB_mysqli_driver extends CI_DB { // clause and character used for LIKE escape sequences - not used in MySQL protected $_like_escape_str = ''; - protected $_like_escape_chr = ''; + protected $_like_escape_chr = '\\'; /** * The syntax to count rows is slightly different across different @@ -291,7 +291,9 @@ class CI_DB_mysqli_driver extends CI_DB { // escape LIKE condition wildcards if ($like === TRUE) { - return str_replace(array('%', '_'), array('\\%', '\\_'), $str); + return str_replace(array($this->_like_escape_chr, '%', '_'), + array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), + $str); } return $str; diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 5407fb05e..4b8a0f2d3 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -195,7 +195,7 @@ Bug fixes for 3.0 - Fixed a bug in the :doc:`Session Library <libraries/sessions>` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right. - Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library <libraries/form_validation>`. - Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid. -- Fixed a bug in PostgreSQL's escape_str() where it didn't properly escape LIKE wild characters. +- Fixed a bug (#136) - PostgreSQL, MySQL and MySQLi's escape_str() method didn't properly escape LIKE wild characters. - Fixed a bug in the library loader where some PHP versions wouldn't execute the class constructor. - Fixed a bug (#88) - An unexisting property was used for configuration of the Memcache cache driver. - Fixed a bug (#14) - create_database() method in the :doc:`Database Forge Library <database/forge>` didn't utilize the configured database character set. |