From 0b6a492ce1092172b9e3445e674ff9a344d33650 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 10 Jan 2013 16:53:44 +0200 Subject: Unify escape_str() array input and LIKE logic Added protected method _escape_str() to deal with quote escaping. --- system/database/DB_driver.php | 49 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) (limited to 'system/database/DB_driver.php') diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 8c98a876e..1e5e8c6f7 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1003,13 +1003,47 @@ abstract class CI_DB_driver { // -------------------------------------------------------------------- + /** + * Escape String + * + * @param string $str + * @param bool $like Whether or not the string will be used in a LIKE condition + * @return string + */ + public function escape_str($str, $like = FALSE) + { + if (is_array($str)) + { + foreach ($str as $key => $val) + { + $str[$key] = $this->escape_str($val, $like); + } + + return $str; + } + + $str = $this->_escape_str($str); + + // escape LIKE condition wildcards + if ($like === TRUE) + { + return str_replace(array($this->_like_escape_chr, '%', '_'), + array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), + $str); + } + + return $str; + } + + // -------------------------------------------------------------------- + /** * Escape LIKE String * * Calls the individual driver for platform * specific escaping for LIKE conditions * - * @param string + * @param string|string[] * @return mixed */ public function escape_like_str($str) @@ -1019,6 +1053,19 @@ abstract class CI_DB_driver { // -------------------------------------------------------------------- + /** + * Platform-dependant string escape + * + * @param string + * @return string + */ + protected function _escape_str($str) + { + return str_replace("'", "''", remove_invisible_characters($str)); + } + + // -------------------------------------------------------------------- + /** * Primary * -- cgit v1.2.3-24-g4f1b