summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/database/DB_driver.php49
-rw-r--r--system/database/drivers/cubrid/cubrid_driver.php31
-rw-r--r--system/database/drivers/ibase/ibase_driver.php32
-rw-r--r--system/database/drivers/mssql/mssql_driver.php37
-rw-r--r--system/database/drivers/mysql/mysql_driver.php31
-rw-r--r--system/database/drivers/mysqli/mysqli_driver.php31
-rw-r--r--system/database/drivers/oci8/oci8_driver.php34
-rw-r--r--system/database/drivers/odbc/odbc_driver.php29
-rw-r--r--system/database/drivers/pdo/pdo_driver.php34
-rw-r--r--system/database/drivers/postgre/postgre_driver.php29
-rw-r--r--system/database/drivers/sqlite/sqlite_driver.php29
-rw-r--r--system/database/drivers/sqlite3/sqlite3_driver.php29
-rw-r--r--system/database/drivers/sqlsrv/sqlsrv_driver.php15
-rw-r--r--system/libraries/Trackback.php5
-rw-r--r--user_guide_src/source/changelog.rst1
15 files changed, 90 insertions, 326 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 8c98a876e..1e5e8c6f7 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1004,12 +1004,46 @@ abstract class CI_DB_driver {
// --------------------------------------------------------------------
/**
+ * Escape String
+ *
+ * @param string $str
+ * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @return string
+ */
+ public function escape_str($str, $like = FALSE)
+ {
+ if (is_array($str))
+ {
+ foreach ($str as $key => $val)
+ {
+ $str[$key] = $this->escape_str($val, $like);
+ }
+
+ return $str;
+ }
+
+ $str = $this->_escape_str($str);
+
+ // escape LIKE condition wildcards
+ if ($like === TRUE)
+ {
+ return str_replace(array($this->_like_escape_chr, '%', '_'),
+ array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
+ $str);
+ }
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Escape LIKE String
*
* Calls the individual driver for platform
* specific escaping for LIKE conditions
*
- * @param string
+ * @param string|string[]
* @return mixed
*/
public function escape_like_str($str)
@@ -1020,6 +1054,19 @@ abstract class CI_DB_driver {
// --------------------------------------------------------------------
/**
+ * Platform-dependant string escape
+ *
+ * @param string
+ * @return string
+ */
+ protected function _escape_str($str)
+ {
+ return str_replace("'", "''", remove_invisible_characters($str));
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Primary
*
* Retrieves the primary key. It assumes that the row in the first
diff --git a/system/database/drivers/cubrid/cubrid_driver.php b/system/database/drivers/cubrid/cubrid_driver.php
index 06ece4bd9..6663868bd 100644
--- a/system/database/drivers/cubrid/cubrid_driver.php
+++ b/system/database/drivers/cubrid/cubrid_driver.php
@@ -295,42 +295,21 @@ class CI_DB_cubrid_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
+ * Platform-dependant string escape
*
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @param string
* @return string
*/
- public function escape_str($str, $like = FALSE)
+ protected function _escape_str($str)
{
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
if (function_exists('cubrid_real_escape_string') &&
(is_resource($this->conn_id)
OR (get_resource_type($this->conn_id) === 'Unknown' && preg_match('/Resource id #/', strval($this->conn_id)))))
{
- $str = cubrid_real_escape_string($str, $this->conn_id);
- }
- else
- {
- $str = addslashes($str);
- }
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(array('%', '_'), array('\\%', '\\_'), $str);
+ return cubrid_real_escape_string($str, $this->conn_id);
}
- return $str;
+ return addslashes($str);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/ibase/ibase_driver.php b/system/database/drivers/ibase/ibase_driver.php
index 875f148a1..745011056 100644
--- a/system/database/drivers/ibase/ibase_driver.php
+++ b/system/database/drivers/ibase/ibase_driver.php
@@ -192,38 +192,6 @@ class CI_DB_ibase_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
- *
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
- * @return string
- */
- public function escape_str($str, $like = FALSE)
- {
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(array($this->_like_escape_chr, '%', '_'),
- array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
- $str);
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
* Affected Rows
*
* @return int
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 286135f19..f60071ed9 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -229,43 +229,6 @@ class CI_DB_mssql_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
- *
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
- * @return string
- */
- public function escape_str($str, $like = FALSE)
- {
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
- // Escape single quotes
- $str = str_replace("'", "''", remove_invisible_characters($str));
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(
- array($this->_like_escape_chr, '%', '_'),
- array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
- $str
- );
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
* Affected Rows
*
* @return int
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index c6b46f070..492b07861 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -312,35 +312,16 @@ class CI_DB_mysql_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
+ * Platform-dependant string escape
*
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @param string
* @return string
*/
- public function escape_str($str, $like = FALSE)
+ protected function _escape_str($str)
{
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
- $str = is_resource($this->conn_id) ? mysql_real_escape_string($str, $this->conn_id) : addslashes($str);
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(array($this->_like_escape_chr, '%', '_'),
- array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
- $str);
- }
-
- return $str;
+ return is_resource($this->conn_id)
+ ? mysql_real_escape_string($str, $this->conn_id)
+ : addslashes($str);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index be9176e16..b64a7a2e8 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -289,35 +289,16 @@ class CI_DB_mysqli_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
+ * Platform-dependant string escape
*
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @param string
* @return string
*/
- public function escape_str($str, $like = FALSE)
+ protected function _escape_str($str)
{
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
- $str = is_object($this->conn_id) ? $this->conn_id->real_escape_string($str) : addslashes($str);
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(array($this->_like_escape_chr, '%', '_'),
- array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
- $str);
- }
-
- return $str;
+ return is_object($this->conn_id)
+ ? $this->conn_id->real_escape_string($str)
+ : addslashes($str);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 6a850b43e..0ec8b53b8 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -461,40 +461,6 @@ class CI_DB_oci8_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
- *
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
- * @return string
- */
- public function escape_str($str, $like = FALSE)
- {
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
- $str = str_replace("'", "''", remove_invisible_characters($str));
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(array($this->_like_escape_chr, '%', '_'),
- array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
- $str);
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
* Affected Rows
*
* @return int
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index 8f247edd5..45e91cbc5 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -203,35 +203,14 @@ class CI_DB_odbc_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
+ * Platform-dependant string escape
*
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @param string
* @return string
*/
- public function escape_str($str, $like = FALSE)
+ protected function _escape_str($str)
{
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
- $str = remove_invisible_characters($str);
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(array($this->_like_escape_chr, '%', '_'),
- array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
- $str);
- }
-
- return $str;
+ return remove_invisible_characters($str);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php
index 37090cb5d..34adf0f86 100644
--- a/system/database/drivers/pdo/pdo_driver.php
+++ b/system/database/drivers/pdo/pdo_driver.php
@@ -257,42 +257,20 @@ class CI_DB_pdo_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
+ * Platform-dependant string escape
*
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @param string
* @return string
*/
- public function escape_str($str, $like = FALSE)
+ protected function _escape_str($str)
{
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
// Escape the string
$str = $this->conn_id->quote($str);
// If there are duplicated quotes, trim them away
- if ($str[0] === "'")
- {
- $str = substr($str, 1, -1);
- }
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(array($this->_like_escape_chr, '%', '_'),
- array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
- $str);
- }
-
- return $str;
+ return ($str[0] === "'")
+ ? substr($str, 1, -1)
+ : $str;
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index 643d6c8ef..d35e351fc 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -311,35 +311,14 @@ class CI_DB_postgre_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
+ * Platform-dependant string escape
*
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @param string
* @return string
*/
- public function escape_str($str, $like = FALSE)
+ protected function _escape_str($str)
{
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
- $str = pg_escape_string($str);
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(array($this->_like_escape_chr, '%', '_'),
- array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
- $str);
- }
-
- return $str;
+ return pg_escape_string($str);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php
index da7d90bb2..6a3397f6f 100644
--- a/system/database/drivers/sqlite/sqlite_driver.php
+++ b/system/database/drivers/sqlite/sqlite_driver.php
@@ -200,35 +200,14 @@ class CI_DB_sqlite_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
+ * Platform-dependant string escape
*
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @param string
* @return string
*/
- public function escape_str($str, $like = FALSE)
+ protected function _escape_str($str)
{
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
- $str = sqlite_escape_string($str);
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(array($this->_like_escape_chr, '%', '_'),
- array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
- $str);
- }
-
- return $str;
+ return sqlite_escape_string($str);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/sqlite3/sqlite3_driver.php b/system/database/drivers/sqlite3/sqlite3_driver.php
index 529191114..4d131c31a 100644
--- a/system/database/drivers/sqlite3/sqlite3_driver.php
+++ b/system/database/drivers/sqlite3/sqlite3_driver.php
@@ -189,35 +189,14 @@ class CI_DB_sqlite3_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
+ * Platform-dependant string escape
*
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
+ * @param string
* @return string
*/
- public function escape_str($str, $like = FALSE)
+ protected function _escape_str($str)
{
- if (is_array($str))
- {
- foreach ($str as $key => $val)
- {
- $str[$key] = $this->escape_str($val, $like);
- }
-
- return $str;
- }
-
- $str = $this->conn_id->escapeString(remove_invisible_characters($str));
-
- // escape LIKE condition wildcards
- if ($like === TRUE)
- {
- return str_replace(array($this->_like_escape_chr, '%', '_'),
- array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
- $str);
- }
-
- return $str;
+ return $this->conn_id->escapeString(remove_invisible_characters($str));
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/sqlsrv/sqlsrv_driver.php b/system/database/drivers/sqlsrv/sqlsrv_driver.php
index 0e04c5c67..09e6b8c9a 100644
--- a/system/database/drivers/sqlsrv/sqlsrv_driver.php
+++ b/system/database/drivers/sqlsrv/sqlsrv_driver.php
@@ -222,21 +222,6 @@ class CI_DB_sqlsrv_driver extends CI_DB {
// --------------------------------------------------------------------
/**
- * Escape String
- *
- * @param string $str
- * @param bool $like Whether or not the string will be used in a LIKE condition
- * @return string
- */
- public function escape_str($str, $like = FALSE)
- {
- // Escape single quotes
- return str_replace("'", "''", $str);
- }
-
- // --------------------------------------------------------------------
-
- /**
* Affected Rows
*
* @return int
diff --git a/system/libraries/Trackback.php b/system/libraries/Trackback.php
index 2fb737d6b..ecc7129e3 100644
--- a/system/libraries/Trackback.php
+++ b/system/libraries/Trackback.php
@@ -268,9 +268,8 @@ class CI_Trackback {
}
// Build the path
- $ppath = isset($target['path']) ? $target['path'] : $url;
-
- $path = empty($target['query']) ? $ppath : $ppath.'?'.$target['query'];
+ $path = isset($target['path']) ? $target['path'] : $url;
+ empty($target['query']) OR $path .= '?'.$target['query'];
// Add the Trackback ID to the data string
if ($id = $this->get_id($url))
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 744150bb4..2966f659f 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -468,6 +468,7 @@ Bug fixes for 3.0
- Fixed a bug (#188) - :doc:`Unit Testing Library <libraries/unit_testing>` filled up logs with error messages for non-existing language keys.
- Fixed a bug (#113) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly handle empty fields that were specified as an array.
- Fixed a bug (#2061) - :doc:`Routing Class <general/routing>` didn't properly sanitize directory, controller and function triggers with **enable_query_strings** set to TRUE.
+- Fixed a bug - SQLSRV didn't support ``escape_like_str()`` or escaping an array of values.
Version 2.1.3
=============