diff options
| author | Andrey Andreev <narf@bofh.bg> | 2013-01-10 15:53:44 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@bofh.bg> | 2013-01-10 15:53:44 +0100 |
| commit | 0b6a492ce1092172b9e3445e674ff9a344d33650 (patch) | |
| tree | 280c17c507df5e9a82264bb437c0cd6088198ca8 /system/database/drivers/mysqli | |
| parent | 7545ffd90647cd65aeaff2a21032a13140700c63 (diff) | |
Unify escape_str() array input and LIKE logic
Added protected method _escape_str() to deal with quote escaping.
Diffstat (limited to 'system/database/drivers/mysqli')
| -rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 31 |
1 files changed, 6 insertions, 25 deletions
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index be9176e16..b64a7a2e8 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -289,35 +289,16 @@ class CI_DB_mysqli_driver extends CI_DB { // -------------------------------------------------------------------- /** - * Escape String + * Platform-dependant string escape * - * @param string $str - * @param bool $like Whether or not the string will be used in a LIKE condition + * @param string * @return string */ - public function escape_str($str, $like = FALSE) + protected function _escape_str($str) { - if (is_array($str)) - { - foreach ($str as $key => $val) - { - $str[$key] = $this->escape_str($val, $like); - } - - return $str; - } - - $str = is_object($this->conn_id) ? $this->conn_id->real_escape_string($str) : addslashes($str); - - // escape LIKE condition wildcards - if ($like === TRUE) - { - return str_replace(array($this->_like_escape_chr, '%', '_'), - array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), - $str); - } - - return $str; + return is_object($this->conn_id) + ? $this->conn_id->real_escape_string($str) + : addslashes($str); } // -------------------------------------------------------------------- |