diff options
author | Timothy Warren <tim@timshomepage.net> | 2011-09-14 18:25:14 +0200 |
---|---|---|
committer | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-10-27 13:59:53 +0200 |
commit | 9f5316e96ea635a15aa5906bfd2abaea19520970 (patch) | |
tree | 46fca70c28c6d168be4774c1b8f64e42a52597ba /system | |
parent | f2bae2cb50d040e17ca0323b394a60499e639834 (diff) |
Fixed LIKE statement escaping issues
Diffstat (limited to 'system')
-rw-r--r-- | system/database/drivers/pdo/pdo_driver.php | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index 19e069b06..4c911aa6e 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -28,6 +28,7 @@ * @author ExpressionEngine Dev Team * @link http://codeigniter.com/user_guide/database/ */ + class CI_DB_pdo_driver extends CI_DB { var $dbdriver = 'pdo'; @@ -36,7 +37,7 @@ class CI_DB_pdo_driver extends CI_DB { var $_escape_char = ''; var $_like_escape_str; var $_like_escape_chr; - + /** * The syntax to count rows is slightly different across different @@ -50,7 +51,7 @@ class CI_DB_pdo_driver extends CI_DB { function __construct($params) { parent::__construct($params); - + // clause and character used for LIKE escape sequences if (strpos($this->hostname, 'mysql') !== FALSE) { @@ -67,7 +68,7 @@ class CI_DB_pdo_driver extends CI_DB { $this->_like_escape_str = " ESCAPE '%s' "; $this->_like_escape_chr = '!'; } - + $this->hostname = $this->hostname . ";dbname=".$this->database; $this->trans_enabled = FALSE; @@ -179,7 +180,7 @@ class CI_DB_pdo_driver extends CI_DB { { $sql = $this->_prep_query($sql); $result_id = $this->conn_id->query($sql); - + if (is_object($result_id)) { $this->affect_rows = $result_id->rowCount(); @@ -188,7 +189,7 @@ class CI_DB_pdo_driver extends CI_DB { { $this->affect_rows = 0; } - + return $result_id; } @@ -308,16 +309,16 @@ class CI_DB_pdo_driver extends CI_DB { return $str; } - + //Escape the string $str = $this->conn_id->quote($str); - + //If there are duplicated quotes, trim them away if (strpos($str, "'") === 0) { $str = substr($str, 1, -1); } - + // escape LIKE condition wildcards if ($like === TRUE) { @@ -519,7 +520,7 @@ class CI_DB_pdo_driver extends CI_DB { if (strpos($item, '.') !== FALSE) { $str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char; - + } else { @@ -569,7 +570,7 @@ class CI_DB_pdo_driver extends CI_DB { { return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")"; } - + // -------------------------------------------------------------------- /** @@ -622,7 +623,7 @@ class CI_DB_pdo_driver extends CI_DB { return $sql; } - + // -------------------------------------------------------------------- /** @@ -764,7 +765,7 @@ class CI_DB_pdo_driver extends CI_DB { { $sql .= " OFFSET ".$offset; } - + return $sql; } } |