diff options
| author | Derek Jones <derek.jones@ellislab.com> | 2009-02-20 22:44:59 +0100 |
|---|---|---|
| committer | Derek Jones <derek.jones@ellislab.com> | 2009-02-20 22:44:59 +0100 |
| commit | e4ed583067095144eb20aefc61d4499d8386532a (patch) | |
| tree | b156a0305e5c1e84466bcb0ca84787b234be3cfd /system/database/drivers/mssql | |
| parent | 436e6e2583c574a4628984c4a95c5d3da5fcce1f (diff) | |
added LIKE condition escaping to all drivers and Active Record
updated all DB drivers to accept arrays in escape_str()
Diffstat (limited to 'system/database/drivers/mssql')
| -rw-r--r-- | system/database/drivers/mssql/mssql_driver.php | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php index addbd6b92..c89e2549e 100644 --- a/system/database/drivers/mssql/mssql_driver.php +++ b/system/database/drivers/mssql/mssql_driver.php @@ -34,6 +34,11 @@ class CI_DB_mssql_driver extends CI_DB { // The character used for escaping var $_escape_char = ''; + + // clause and character used for LIKE escape sequences + var $_like_escape_str = " ESCAPE '%s' "; + var $_like_escape_chr = '!'; + /** * The syntax to count rows is slightly different across different * database engines, so this string appears in each driver and is @@ -225,15 +230,36 @@ class CI_DB_mssql_driver extends CI_DB { * * @access public * @param string + * @param bool whether or not the string will be used in a LIKE condition * @return string */ - function escape_str($str) + function escape_str($str, $like = FALSE) { + if (is_array($str)) + { + foreach($str as $key => $val) + { + $str[$key] = $this->escape_str($val, $like); + } + + return $str; + } + // Access the CI object $CI =& get_instance(); // Escape single quotes - return str_replace("'", "''", $CI->input->_remove_invisible_characters($str)); + $str = str_replace("'", "''", $CI->input->_remove_invisible_characters($str)); + + // escape LIKE condition wildcards + if ($like === TRUE) + { + $str = str_replace( array('%', '_', $this->_like_escape_chr), + array($this->_like_escape_chr.'%', $this->_like_escape_chr.'_', $this->_like_escape_chr.$this->_like_escape_chr), + $str); + } + + return $str; } // -------------------------------------------------------------------- |