author | Timothy Warren <tim@timshomepage.net> | 2011-10-05 22:44:50 +0200 |
---|---|---|
committer | Timothy Warren <tim@timshomepage.net> | 2011-10-05 22:44:50 +0200 |
commit | 47663970e357c51ad16d1a1a3d3b52428c022505 (patch) | |
tree | f527ff9837685a59e6255b6822a8ed6a921f1c9b /system/database | |
parent | 7afda98c0740fe53cff5976aea8879a45f7622f9 (diff) |
Changed to escape using PDO::quote()
Diffstat (limited to 'system/database')
-rw-r--r-- | system/database/drivers/pdo/pdo_driver.php | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php
index 244a15e1e..568819a08 100644
--- a/system/database/drivers/pdo/pdo_driver.php
+++ b/system/database/drivers/pdo/pdo_driver.php
@@ -308,19 +308,12 @@ class CI_DB_pdo_driver extends CI_DB {
 return $str;
 }
-
- // Remove invisible characters
- $str = remove_invisible_characters($str);
- //Make sure to escape slashes and quotes
- $replace = array(
- "\\" => "\\\\",
- "'" => "\\'",
- "\"" => "\\\"",
- );
-
- $str = strtr($str, $replace);
+ //Escape the string
+ $str = $this->conn_id->quote($str);
+ //If there are duplicated quotes, trim them away
+ $str = substr($str, 1, -1);
 // escape LIKE condition wildcards
 if ($like === TRUE) |
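Review bot: The new `$str = $this->conn_id->quote($str);` never checks the return value, and PDO::quote() returns FALSE when the underlying driver does not support quoting; the following `substr($str, 1, -1)` then reduces the value to an empty string (or FALSE on older PHP) instead of failing, so the query would run with the wrong data. I would hold the result in a temporary, e.g. `$quoted = $this->conn_id->quote($str);`, and stop with an error when `$quoted === FALSE` before stripping the delimiters. The `substr()` also assumes exactly one delimiter character on each side and that the caller re-wraps the value in that same quote character, which is worth stating in place of the current comment, for example `// quote() adds the driver's delimiters; strip them because the caller wraps the value itself`. The hunk also drops `remove_invisible_characters()`, presumably on purpose, but that behaviour change deserves a line in the commit message. The enclosing method starts and ends outside this hunk.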