diff options
| author | Andrey Andreev <narf@devilix.net> | 2013-09-13 15:03:07 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2013-09-13 15:03:07 +0200 |
| commit | a9346aa754f5488f7535f580dd744477f52d5063 (patch) | |
| tree | e315c6a8424a1272bdaee43b7eb812acff059d7e | |
| parent | 79d9e38f4c240098199c12a64d18457e7c1daef7 (diff) | |
Fix a PostgreSQL string escaping bug and use pg_escape_literal() when possible
| -rw-r--r-- | system/database/drivers/postgre/postgre_driver.php | 8 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 2 |
2 files changed, 8 insertions, 2 deletions
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index dbf7c6b95..b72fb873a 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -331,7 +331,7 @@ class CI_DB_postgre_driver extends CI_DB { */ protected function _escape_str($str) { - return pg_escape_string($str); + return pg_escape_string($this->conn_id, $str); } // -------------------------------------------------------------------- @@ -346,7 +346,11 @@ class CI_DB_postgre_driver extends CI_DB { */ public function escape($str) { - if (is_bool($str)) + if (is_php('5.4.4') && (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))) + { + return pg_escape_literal($this->conn_id, $str); + } + elseif (is_bool($str)) { return ($str) ? 'TRUE' : 'FALSE'; } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 98036659f..357ecc12e 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -199,6 +199,7 @@ Release Date: Not Released - Removed ``limit()`` and ``order_by()`` support for *UPDATE* and *DELETE* queries as PostgreSQL does not support those features. - Added a work-around for dead persistent connections to be re-created after a database restart. - Changed ``db_connect()`` to include the (new) **schema** value into Postgre's **search_path** session variable. + - ``pg_escape_literal()`` is now used for escaping strings, if available. - Improved support of the CUBRID driver, including: @@ -612,6 +613,7 @@ Bug fixes for 3.0 - Fixed an edge case (#2583) in the :doc:`Email Library <libraries/email>` where `Suhosin <http://www.hardened-php.net/suhosin/>` blocked messages sent via ``mail()`` due to trailing newspaces in headers. - Fixed a bug (#2590) - :php:func:`log_message()` didn't actually cache the ``CI_Log`` class instance. - Fixed a bug (#2609) - :php:func:`get_config()` optional argument was only effective on first function call. Also, it can now add items, in addition to updating existing items. +- Fixed a bug in the 'postgre' :doc:`database <database/index>` driver where the connection ID wasn't passed to ``pg_escape_string()``. Version 2.1.4 ============= |