From 21cb2d32edd595a38189cdba137e694c3a22e1f0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 25 May 2012 01:01:06 +0300 Subject: Fix issue #136 (MySQL escape_like_str()) --- system/database/drivers/mysql/mysql_driver.php | 6 ++++-- system/database/drivers/mysqli/mysqli_driver.php | 6 ++++-- user_guide_src/source/changelog.rst | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 161f99541..d801a9aaf 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -47,7 +47,7 @@ class CI_DB_mysql_driver extends CI_DB { // clause and character used for LIKE escape sequences - not used in MySQL protected $_like_escape_str = ''; - protected $_like_escape_chr = ''; + protected $_like_escape_chr = '\\'; /** * The syntax to count rows is slightly different across different @@ -291,7 +291,9 @@ class CI_DB_mysql_driver extends CI_DB { // escape LIKE condition wildcards if ($like === TRUE) { - return str_replace(array('%', '_'), array('\\%', '\\_'), $str); + return str_replace(array($this->_like_escape_chr, '%', '_'), + array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), + $str); } return $str; diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 9261883f5..61761e0c6 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -47,7 +47,7 @@ class CI_DB_mysqli_driver extends CI_DB { // clause and character used for LIKE escape sequences - not used in MySQL protected $_like_escape_str = ''; - protected $_like_escape_chr = ''; + protected $_like_escape_chr = '\\'; /** * The syntax to count rows is slightly different across different @@ -291,7 +291,9 @@ class CI_DB_mysqli_driver extends CI_DB { // escape LIKE condition wildcards if ($like === TRUE) { - return str_replace(array('%', '_'), array('\\%', '\\_'), $str); + return str_replace(array($this->_like_escape_chr, '%', '_'), + array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), + $str); } return $str; diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 5407fb05e..4b8a0f2d3 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -195,7 +195,7 @@ Bug fixes for 3.0 - Fixed a bug in the :doc:`Session Library ` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right. - Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library `. - Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid. -- Fixed a bug in PostgreSQL's escape_str() where it didn't properly escape LIKE wild characters. +- Fixed a bug (#136) - PostgreSQL, MySQL and MySQLi's escape_str() method didn't properly escape LIKE wild characters. - Fixed a bug in the library loader where some PHP versions wouldn't execute the class constructor. - Fixed a bug (#88) - An unexisting property was used for configuration of the Memcache cache driver. - Fixed a bug (#14) - create_database() method in the :doc:`Database Forge Library ` didn't utilize the configured database character set. -- cgit v1.2.3-24-g4f1b