authorAndrey Andreev <narf@devilix.net>2013-09-13 15:03:07 +0200
committerAndrey Andreev <narf@devilix.net>2013-09-13 15:03:07 +0200
commita9346aa754f5488f7535f580dd744477f52d5063 (patch)
treee315c6a8424a1272bdaee43b7eb812acff059d7e
parent79d9e38f4c240098199c12a64d18457e7c1daef7 (diff)
Fix a PostgreSQL string escaping bug and use pg_escape_literal() when possible
-rw-r--r--system/database/drivers/postgre/postgre_driver.php8
-rw-r--r--user_guide_src/source/changelog.rst2
2 files changed, 8 insertions, 2 deletions
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index dbf7c6b95..b72fb873a 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -331,7 +331,7 @@ class CI_DB_postgre_driver extends CI_DB {
*/
protected function _escape_str($str)
{
- return pg_escape_string($str);
+ return pg_escape_string($this->conn_id, $str);
}
// --------------------------------------------------------------------
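Review bot: The new `pg_escape_string($this->conn_id, $str)` call in `_escape_str()` has no comment saying why the handle is now required, and the docblock above it starts outside the hunk, so a later cleanup could drop the argument again. Escaping is done according to the connection's client encoding, and without the handle PHP falls back to the last connection opened, which may not be this driver's connection when an application holds more than one. I would add above the return: `// Pass the handle explicitly: escaping is encoding-aware and the implicit default is the last opened connection, not necessarily this one.` It would also help to state in the docblock that the method expects `$this->conn_id` to be an established connection, since nothing in the visible lines checks that.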
@@ -346,7 +346,11 @@ class CI_DB_postgre_driver extends CI_DB {
*/
public function escape($str)
{
- if (is_bool($str))
+ if (is_php('5.4.4') && (is_string($str) OR (is_object($str) && method_exists($str, '__toString'))))
+ {
+ return pg_escape_literal($this->conn_id, $str);
+ }
+ elseif (is_bool($str))
{
return ($str) ? 'TRUE' : 'FALSE';
}
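Review bot: The result of `pg_escape_literal()` in the new first branch of `escape()` is returned to the caller unchecked, but the function returns FALSE when escaping fails, for example on input that is not valid in the connection's client encoding. That FALSE would then be concatenated into the SQL text as an empty string, so the statement is built without the value instead of being rejected up front. I would capture the result with `$literal = pg_escape_literal($this->conn_id, $str);` and follow it with `if ($literal === FALSE) { /* report a database error instead of returning */ }` before returning `$literal`. The rest of `escape()` lies outside the hunk, so how the pre-5.4.4 path handles the same failure is not visible here.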
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 98036659f..357ecc12e 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -199,6 +199,7 @@ Release Date: Not Released
- Removed ``limit()`` and ``order_by()`` support for *UPDATE* and *DELETE* queries as PostgreSQL does not support those features.
- Added a work-around for dead persistent connections to be re-created after a database restart.
- Changed ``db_connect()`` to include the (new) **schema** value into Postgre's **search_path** session variable.
+ - ``pg_escape_literal()`` is now used for escaping strings, if available.
- Improved support of the CUBRID driver, including:
@@ -612,6 +613,7 @@ Bug fixes for 3.0
- Fixed an edge case (#2583) in the :doc:`Email Library <libraries/email>` where `Suhosin <http://www.hardened-php.net/suhosin/>` blocked messages sent via ``mail()`` due to trailing newspaces in headers.
- Fixed a bug (#2590) - :php:func:`log_message()` didn't actually cache the ``CI_Log`` class instance.
- Fixed a bug (#2609) - :php:func:`get_config()` optional argument was only effective on first function call. Also, it can now add items, in addition to updating existing items.
+- Fixed a bug in the 'postgre' :doc:`database <database/index>` driver where the connection ID wasn't passed to ``pg_escape_string()``.
Version 2.1.4
=============