From e4ed583067095144eb20aefc61d4499d8386532a Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Fri, 20 Feb 2009 21:44:59 +0000 Subject: added LIKE condition escaping to all drivers and Active Record updated all DB drivers to accept arrays in escape_str() --- system/database/drivers/postgre/postgre_driver.php | 31 +++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) (limited to 'system/database/drivers/postgre') diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index 9d53b1ef8..8d0d8901c 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -34,6 +34,10 @@ class CI_DB_postgre_driver extends CI_DB { var $_escape_char = '"'; + // clause and character used for LIKE escape sequences + var $_like_escape_str = " ESCAPE '%s' "; + var $_like_escape_chr = '!'; + /** * The syntax to count rows is slightly different across different * database engines, so this string appears in each driver and is @@ -253,11 +257,32 @@ class CI_DB_postgre_driver extends CI_DB { * * @access public * @param string + * @param bool whether or not the string will be used in a LIKE condition * @return string */ - function escape_str($str) - { - return pg_escape_string($str); + function escape_str($str, $like = FALSE) + { + if (is_array($str)) + { + foreach($str as $key => $val) + { + $str[$key] = $this->escape_str($val, $like); + } + + return $str; + } + + $str = pg_escape_string($str); + + // escape LIKE condition wildcards + if ($like === TRUE) + { + $str = str_replace( array('%', '_', $this->_like_escape_chr), + array($this->_like_escape_chr.'%', $this->_like_escape_chr.'_', $this->_like_escape_chr.$this->_like_escape_chr), + $str); + } + + return $str; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b