author | Andrey Andreev <narf@bofh.bg> | 2013-01-10 15:53:44 +0100 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2013-01-10 15:53:44 +0100 |
commit | 0b6a492ce1092172b9e3445e674ff9a344d33650 (patch) | |
tree | 280c17c507df5e9a82264bb437c0cd6088198ca8 /system/database/DB_driver.php | |
parent | 7545ffd90647cd65aeaff2a21032a13140700c63 (diff) |
Unify escape_str() array input and LIKE logic
Added protected method _escape_str() to deal with quote escaping.
Diffstat (limited to 'system/database/DB_driver.php')
-rw-r--r-- | system/database/DB_driver.php | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 8c98a876e..1e5e8c6f7 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1004,12 +1004,46 @@ abstract class CI_DB_driver {
 // --------------------------------------------------------------------
 
 /**
+ * Escape String
+ *
+ * @param string $str
+ * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @return string
+ */
+ public function escape_str($str, $like = FALSE)
+ {
+ if (is_array($str))
+ {
+ foreach ($str as $key => $val)
+ {
+ $str[$key] = $this->escape_str($val, $like);
+ }
+
+ return $str;
+ }
+
+ $str = $this->_escape_str($str);
+
+ // escape LIKE condition wildcards
+ if ($like === TRUE)
+ {
+ return str_replace(array($this->_like_escape_chr, '%', '_'),
+ array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
+ $str);
+ }
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
 * Escape LIKE String
 *
 * Calls the individual driver for platform
 * specific escaping for LIKE conditions
 *
- * @param string
+ * @param string|string[]
 * @return mixed
 */
 public function escape_like_str($str)
@@ -1020,6 +1054,19 @@ abstract class CI_DB_driver {
 // --------------------------------------------------------------------
 
 /**
+ * Platform-dependant string escape
+ *
+ * @param string
+ * @return string
+ */
+ protected function _escape_str($str)
+ {
+ return str_replace("'", "''", remove_invisible_characters($str));
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
 * Primary
 *
 * Retrieves the primary key. It assumes that the row in the first |
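Review bot: The docblock of the new public `escape_str()` does not say that the wildcard escaping in its `$like === TRUE` branch only takes effect when the LIKE condition receiving the value declares the same character in an `ESCAPE` clause, and nothing in this hunk shows where that clause is emitted. A caller who builds a LIKE condition by hand can therefore still end up with user-supplied `%` and `_` acting as wildcards. I would add a line such as `When $like is TRUE, the LIKE condition must carry ESCAPE '<_like_escape_chr>'.` The same docblock declares `@param string $str` and `@return string` although the array branch accepts and returns arrays, so `string|string[]` on both would match what this commit does for `escape_like_str()`. The comparison `$like === TRUE` is strict, so a truthy non-boolean such as `1` skips the wildcard branch silently, which is worth stating in the `@param bool $like` line.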
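Review bot: The base `_escape_str()` only doubles single quotes, which is not sufficient on backends that treat a backslash as an escape character inside string literals or that need connection-charset-aware escaping. A driver that does not override it inherits this fallback without any warning. The docblock says only "Platform-dependant string escape"; it should state the contract, e.g. `Fallback for backends that escape quotes by doubling only; every other driver MUST override this with its native escaping function.` If every shipped driver is expected to override it, declaring the method abstract would turn a missed override into a load-time error rather than a latent injection risk. Whether the drivers already override it is not visible in this hunk.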