summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimothy Warren <tim@timshomepage.net>2011-09-14 18:25:14 +0200
committerPhil Sturgeon <email@philsturgeon.co.uk>2011-10-27 13:59:53 +0200
commit9f5316e96ea635a15aa5906bfd2abaea19520970 (patch)
tree46fca70c28c6d168be4774c1b8f64e42a52597ba
parentf2bae2cb50d040e17ca0323b394a60499e639834 (diff)
Fixed LIKE statement escaping issues
-rw-r--r--system/database/drivers/pdo/pdo_driver.php25
1 files changed, 13 insertions, 12 deletions
diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php
index 19e069b06..4c911aa6e 100644
--- a/system/database/drivers/pdo/pdo_driver.php
+++ b/system/database/drivers/pdo/pdo_driver.php
@@ -28,6 +28,7 @@
* @author ExpressionEngine Dev Team
* @link http://codeigniter.com/user_guide/database/
*/
+
class CI_DB_pdo_driver extends CI_DB {
var $dbdriver = 'pdo';
@@ -36,7 +37,7 @@ class CI_DB_pdo_driver extends CI_DB {
var $_escape_char = '';
var $_like_escape_str;
var $_like_escape_chr;
-
+
/**
* The syntax to count rows is slightly different across different
@@ -50,7 +51,7 @@ class CI_DB_pdo_driver extends CI_DB {
function __construct($params)
{
parent::__construct($params);
-
+
// clause and character used for LIKE escape sequences
if (strpos($this->hostname, 'mysql') !== FALSE)
{
@@ -67,7 +68,7 @@ class CI_DB_pdo_driver extends CI_DB {
$this->_like_escape_str = " ESCAPE '%s' ";
$this->_like_escape_chr = '!';
}
-
+
$this->hostname = $this->hostname . ";dbname=".$this->database;
$this->trans_enabled = FALSE;
@@ -179,7 +180,7 @@ class CI_DB_pdo_driver extends CI_DB {
{
$sql = $this->_prep_query($sql);
$result_id = $this->conn_id->query($sql);
-
+
if (is_object($result_id))
{
$this->affect_rows = $result_id->rowCount();
@@ -188,7 +189,7 @@ class CI_DB_pdo_driver extends CI_DB {
{
$this->affect_rows = 0;
}
-
+
return $result_id;
}
@@ -308,16 +309,16 @@ class CI_DB_pdo_driver extends CI_DB {
return $str;
}
-
+
//Escape the string
$str = $this->conn_id->quote($str);
-
+
//If there are duplicated quotes, trim them away
if (strpos($str, "'") === 0)
{
$str = substr($str, 1, -1);
}
-
+
// escape LIKE condition wildcards
if ($like === TRUE)
{
@@ -519,7 +520,7 @@ class CI_DB_pdo_driver extends CI_DB {
if (strpos($item, '.') !== FALSE)
{
$str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;
-
+
}
else
{
@@ -569,7 +570,7 @@ class CI_DB_pdo_driver extends CI_DB {
{
return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")";
}
-
+
// --------------------------------------------------------------------
/**
@@ -622,7 +623,7 @@ class CI_DB_pdo_driver extends CI_DB {
return $sql;
}
-
+
// --------------------------------------------------------------------
/**
@@ -764,7 +765,7 @@ class CI_DB_pdo_driver extends CI_DB {
{
$sql .= " OFFSET ".$offset;
}
-
+
return $sql;
}
}