summaryrefslogtreecommitdiffstats
path: root/system/database
diff options
context:
space:
mode:
authorTimothy Warren <tim@timshomepage.net>2011-10-05 22:44:50 +0200
committerTimothy Warren <tim@timshomepage.net>2011-10-05 22:44:50 +0200
commit47663970e357c51ad16d1a1a3d3b52428c022505 (patch)
treef527ff9837685a59e6255b6822a8ed6a921f1c9b /system/database
parent7afda98c0740fe53cff5976aea8879a45f7622f9 (diff)
Changed to escape using PDO::quote()
Diffstat (limited to 'system/database')
-rw-r--r--system/database/drivers/pdo/pdo_driver.php15
1 files changed, 4 insertions, 11 deletions
diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php
index 244a15e1e..568819a08 100644
--- a/system/database/drivers/pdo/pdo_driver.php
+++ b/system/database/drivers/pdo/pdo_driver.php
@@ -308,19 +308,12 @@ class CI_DB_pdo_driver extends CI_DB {
return $str;
}
-
- // Remove invisible characters
- $str = remove_invisible_characters($str);
- //Make sure to escape slashes and quotes
- $replace = array(
- "\\" => "\\\\",
- "'" => "\\'",
- "\"" => "\\\"",
- );
-
- $str = strtr($str, $replace);
+ //Escape the string
+ $str = $this->conn_id->quote($str);
+ //If there are duplicated quotes, trim them away
+ $str = substr($str, 1, -1);
// escape LIKE condition wildcards
if ($like === TRUE)