authorAndrey Andreev <narf@bofh.bg>2013-01-10 15:53:44 +0100
committerAndrey Andreev <narf@bofh.bg>2013-01-10 15:53:44 +0100
commit0b6a492ce1092172b9e3445e674ff9a344d33650 (patch)
tree280c17c507df5e9a82264bb437c0cd6088198ca8 /system/database/DB_driver.php
parent7545ffd90647cd65aeaff2a21032a13140700c63 (diff)
Unify escape_str() array input and LIKE logic
Added protected method _escape_str() to deal with quote escaping.
Diffstat (limited to 'system/database/DB_driver.php')
-rw-r--r--system/database/DB_driver.php49
1 files changed, 48 insertions, 1 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 8c98a876e..1e5e8c6f7 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1004,12 +1004,46 @@ abstract class CI_DB_driver {
// --------------------------------------------------------------------
/**
+ * Escape String
+ *
+ * @param string $str
+ * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @return string
+ */
+ public function escape_str($str, $like = FALSE)
+ {
+ if (is_array($str))
+ {
+ foreach ($str as $key => $val)
+ {
+ $str[$key] = $this->escape_str($val, $like);
+ }
+
+ return $str;
+ }
+
+ $str = $this->_escape_str($str);
+
+ // escape LIKE condition wildcards
+ if ($like === TRUE)
+ {
+ return str_replace(array($this->_like_escape_chr, '%', '_'),
+ array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
+ $str);
+ }
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Escape LIKE String
*
* Calls the individual driver for platform
* specific escaping for LIKE conditions
*
- * @param string
+ * @param string|string[]
* @return mixed
*/
public function escape_like_str($str)
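Review bot: The wildcard escaping under `if ($like === TRUE)` takes effect only if the LIKE clause that receives the value declares `$this->_like_escape_chr` in an `ESCAPE` clause (or that character happens to be the platform default), and nothing in this hunk records that dependency; a comment such as `// only effective when the LIKE clause is emitted with ESCAPE <_like_escape_chr>` above the `str_replace()` call would make it visible to driver authors. The strict comparison also means a truthy non-boolean such as `1` falls through to the plain return with `%` and `_` untouched, so either document that `$like` must be a real boolean or cast it before the test. The new docblock still declares `@param string $str` and `@return string` although the method accepts and returns arrays; `@param string|string[] $str` and `@return string|string[]` would match the change this commit makes to the escape_like_str() docblock. The body of escape_like_str() lies outside the hunk, so how it calls this method cannot be checked here.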
@@ -1020,6 +1054,19 @@ abstract class CI_DB_driver {
// --------------------------------------------------------------------
/**
+ * Platform-dependant string escape
+ *
+ * @param string
+ * @return string
+ */
+ protected function _escape_str($str)
+ {
+ return str_replace("'", "''", remove_invisible_characters($str));
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Primary
*
* Retrieves the primary key. It assumes that the row in the first
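Review bot: The base `_escape_str()` neutralises only the single quote, so it is sufficient only on platforms where doubling `'` is the complete string-literal escaping rule; where the server also treats backslash as an escape character inside literals, a driver that inherits this default would leave injection possible. The docblock should state that contract, for example `* Default: doubles single quotes only. Drivers whose platform has a native escaping function or backslash escapes MUST override this method.` Whether the bundled drivers override the method is not visible in this hunk. `remove_invisible_characters()` is defined elsewhere, so what it strips before the quote doubling cannot be confirmed from here.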