From 3c11b6f5dee83ebe11dfdcec3022313c45a4a4e2 Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Fri, 20 Feb 2009 22:36:27 +0000
Subject: updated _list_tables() in db drivers to escape the db prefix for LIKE
 wildcards

---
 system/database/drivers/mssql/mssql_driver.php     | 2 +-
 system/database/drivers/mysql/mysql_driver.php     | 2 +-
 system/database/drivers/mysqli/mysqli_driver.php   | 2 +-
 system/database/drivers/oci8/oci8_driver.php       | 2 +-
 system/database/drivers/odbc/odbc_driver.php       | 2 +-
 system/database/drivers/postgre/postgre_driver.php | 2 +-
 system/database/drivers/sqlite/sqlite_driver.php   | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'system/database/drivers')

diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index c89e2549e..ddc036da9 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -373,7 +373,7 @@ class CI_DB_mssql_driver extends CI_DB {
 		// for future compatibility
 		if ($prefix_limit !== FALSE AND $this->dbprefix != '')
 		{
-			//$sql .= " LIKE '".$this->dbprefix."%'";
+			//$sql .= " LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_char);
 			return FALSE; // not currently supported
 		}
 		
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 5b2ba62b8..2b05c3f15 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -370,7 +370,7 @@ class CI_DB_mysql_driver extends CI_DB {
 
 		if ($prefix_limit !== FALSE AND $this->dbprefix != '')
 		{
-			$sql .= " LIKE '".$this->dbprefix."%'";
+			$sql .= " LIKE '".$this->escape_like_str($this->dbprefix)."%'";
 		}
 
 		return $sql;
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 92d871111..6558112cd 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -371,7 +371,7 @@ class CI_DB_mysqli_driver extends CI_DB {
 		
 		if ($prefix_limit !== FALSE AND $this->dbprefix != '')
 		{
-			$sql .= " LIKE '".$this->dbprefix."%'";
+			$sql .= " LIKE '".$this->escape_like_str($this->dbprefix)."%'";
 		}
 		
 		return $sql;
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 1fdb1bc45..4dfec2e3f 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -477,7 +477,7 @@ class CI_DB_oci8_driver extends CI_DB {
 
 		if ($prefix_limit !== FALSE AND $this->dbprefix != '')
 		{
-			$sql .= " WHERE TABLE_NAME LIKE '".$this->dbprefix."%'";
+			$sql .= " WHERE TABLE_NAME LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_char);
 		}
 		
 		return $sql;
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index a14aaa1f3..f7db4ca4b 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -346,7 +346,7 @@ class CI_DB_odbc_driver extends CI_DB {
 
 		if ($prefix_limit !== FALSE AND $this->dbprefix != '')
 		{
-			//$sql .= " LIKE '".$this->dbprefix."%'";
+			//$sql .= " LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_char);
 			return FALSE; // not currently supported
 		}
 		
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index 8d0d8901c..4bc5b7d94 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -386,7 +386,7 @@ class CI_DB_postgre_driver extends CI_DB {
 		
 		if ($prefix_limit !== FALSE AND $this->dbprefix != '')
 		{
-			$sql .= " AND table_name LIKE '".$this->dbprefix."%'";
+			$sql .= " AND table_name LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_char);
 		}
 		
 		return $sql;
diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php
index 104a3bc36..bb1e6d02e 100644
--- a/system/database/drivers/sqlite/sqlite_driver.php
+++ b/system/database/drivers/sqlite/sqlite_driver.php
@@ -358,7 +358,7 @@ class CI_DB_sqlite_driver extends CI_DB {
 
 		if ($prefix_limit !== FALSE AND $this->dbprefix != '')
 		{
-			$sql .= " AND 'name' LIKE '".$this->dbprefix."%'";
+			$sql .= " AND 'name' LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_char);
 		}
 		return $sql;
 	}
-- 
cgit v1.2.3-24-g4f1b