summaryrefslogtreecommitdiffstats
path: root/system/database
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-11-20 20:18:08 +0100
committerAndrey Andreev <narf@bofh.bg>2012-11-20 20:18:08 +0100
commit3a5efc291ac17a8a9886be25f6b430796969d154 (patch)
treefd1489bf5117bf2d8b08c0f6ee2282e9ad869e9d /system/database
parentd337a2621d36aebd0747b4e10a61b98bb13a2793 (diff)
Fix issue #2015
Diffstat (limited to 'system/database')
-rw-r--r--system/database/DB_driver.php2
-rw-r--r--system/database/DB_query_builder.php17
-rw-r--r--system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php105
-rw-r--r--system/database/drivers/postgre/postgre_driver.php85
4 files changed, 29 insertions, 180 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 65ff792dc..9fcea39b6 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -985,7 +985,7 @@ abstract class CI_DB_driver {
*/
public function escape($str)
{
- if (is_string($str) OR method_exists($str, '__toString'))
+ if (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))
{
return "'".$this->escape_str($str)."'";
}
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 3154d148b..9bd535b0e 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -644,17 +644,11 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
? $this->_group_get_type('')
: $this->_group_get_type($type);
- if (is_null($v) && ! $this->_has_operator($k))
- {
- // value appears not to have been set, assign the test to IS NULL
- $k .= ' IS NULL';
- }
-
if ( ! is_null($v))
{
if ($escape === TRUE)
{
- $v = ' '.(is_int($v) ? $v : $this->escape($v));
+ $v = ' '.$this->escape($v);
}
if ( ! $this->_has_operator($k))
@@ -662,6 +656,11 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$k .= ' = ';
}
}
+ elseif ( ! $this->_has_operator($k))
+ {
+ // value appears not to have been set, assign the test to IS NULL
+ $k .= ' IS NULL';
+ }
$this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape);
if ($this->qb_caching === TRUE)
@@ -2540,7 +2539,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
{
$str = trim($str);
- if (empty($str))
+ if (empty($str) OR ctype_digit($str) OR (string) (float) $str === $str OR in_array(strtoupper($str), array('TRUE', 'FALSE'), TRUE))
{
return TRUE;
}
@@ -2553,7 +2552,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
? array('"', "'") : array("'");
}
- return (ctype_digit($str) OR in_array($str[0], $_str, TRUE));
+ return in_array($str[0], $_str, TRUE);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php b/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php
index 21edeebbd..803cc24e6 100644
--- a/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php
+++ b/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php
@@ -110,6 +110,26 @@ class CI_DB_pdo_pgsql_driver extends CI_DB_pdo_driver {
// --------------------------------------------------------------------
/**
+ * "Smart" Escape String
+ *
+ * Escapes data based on type
+ *
+ * @param string $str
+ * @return mixed
+ */
+ public function escape($str)
+ {
+ if (is_bool($str))
+ {
+ return ($str) ? 'TRUE' : 'FALSE';
+ }
+
+ return parent::escape($str);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* ORDER BY
*
* @param string $orderby
@@ -311,91 +331,6 @@ class CI_DB_pdo_pgsql_driver extends CI_DB_pdo_driver {
return $sql.' LIMIT '.$this->qb_limit.($this->qb_offset ? ' OFFSET '.$this->qb_offset : '');
}
- // --------------------------------------------------------------------
-
- /**
- * WHERE, HAVING
- *
- * Called by where(), or_where(), having(), or_having()
- *
- * @param string 'qb_where' or 'qb_having'
- * @param mixed
- * @param mixed
- * @param string
- * @param bool
- * @return object
- */
- protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = NULL)
- {
- $qb_cache_key = ($qb_key === 'qb_having') ? 'qb_cache_having' : 'qb_cache_where';
-
- if ( ! is_array($key))
- {
- $key = array($key => $value);
- }
-
- // If the escape value was not set will will base it on the global setting
- is_bool($escape) OR $escape = $this->_protect_identifiers;
-
- foreach ($key as $k => $v)
- {
- $prefix = (count($this->$qb_key) === 0 && count($this->$qb_cache_key) === 0)
- ? $this->_group_get_type('')
- : $this->_group_get_type($type);
-
- if (is_null($v) && ! $this->_has_operator($k))
- {
- // value appears not to have been set, assign the test to IS NULL
- $k .= ' IS NULL';
- }
-
- if ( ! is_null($v))
- {
- if (is_bool($v))
- {
- $v = ' '.($v ? 'TRUE' : 'FALSE');
- }
- elseif ($escape === TRUE)
- {
- $v = ' '.(is_int($v) ? $v : $this->escape($v));
- }
-
- if ( ! $this->_has_operator($k))
- {
- $k .= ' = ';
- }
- }
-
- $this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape);
- if ($this->qb_caching === TRUE)
- {
- $this->{$qb_cache_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape);
- $this->qb_cache_exists[] = substr($qb_key, 3);
- }
-
- }
-
- return $this;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Is literal
- *
- * Determines if a string represents a literal value or a field name
- *
- * @param string $str
- * @return bool
- */
- protected function _is_literal($str)
- {
- $str = trim($str);
-
- return (empty($str) OR ctype_digit($str) OR $str[0] === "'" OR in_array($str, array('TRUE', 'FALSE'), TRUE));
- }
-
-
}
/* End of file pdo_pgsql_driver.php */
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index 95cfb9778..02db8084e 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -337,7 +337,6 @@ class CI_DB_postgre_driver extends CI_DB {
* "Smart" Escape String
*
* Escapes data based on type
- * Sets boolean and null types
*
* @param string $str
* @return mixed
@@ -632,90 +631,6 @@ class CI_DB_postgre_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * WHERE, HAVING
- *
- * Called by where(), or_where(), having(), or_having()
- *
- * @param string 'qb_where' or 'qb_having'
- * @param mixed
- * @param mixed
- * @param string
- * @param bool
- * @return object
- */
- protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = NULL)
- {
- $qb_cache_key = ($qb_key === 'qb_having') ? 'qb_cache_having' : 'qb_cache_where';
-
- if ( ! is_array($key))
- {
- $key = array($key => $value);
- }
-
- // If the escape value was not set will will base it on the global setting
- is_bool($escape) OR $escape = $this->_protect_identifiers;
-
- foreach ($key as $k => $v)
- {
- $prefix = (count($this->$qb_key) === 0 && count($this->$qb_cache_key) === 0)
- ? $this->_group_get_type('')
- : $this->_group_get_type($type);
-
- if (is_null($v) && ! $this->_has_operator($k))
- {
- // value appears not to have been set, assign the test to IS NULL
- $k .= ' IS NULL';
- }
-
- if ( ! is_null($v))
- {
- if (is_bool($v))
- {
- $v = ' '.($v ? 'TRUE' : 'FALSE');
- }
- elseif ($escape === TRUE)
- {
- $v = ' '.(is_int($v) ? $v : $this->escape($v));
- }
-
- if ( ! $this->_has_operator($k))
- {
- $k .= ' = ';
- }
- }
-
- $this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape);
- if ($this->qb_caching === TRUE)
- {
- $this->{$qb_cache_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape);
- $this->qb_cache_exists[] = substr($qb_key, 3);
- }
-
- }
-
- return $this;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Is literal
- *
- * Determines if a string represents a literal value or a field name
- *
- * @param string $str
- * @return bool
- */
- protected function _is_literal($str)
- {
- $str = trim($str);
-
- return (empty($str) OR ctype_digit($str) OR $str[0] === "'" OR in_array($str, array('TRUE', 'FALSE'), TRUE));
- }
-
- // --------------------------------------------------------------------
-
- /**
* Close DB Connection
*
* @return void