From 47663970e357c51ad16d1a1a3d3b52428c022505 Mon Sep 17 00:00:00 2001
From: Timothy Warren
Date: Wed, 5 Oct 2011 16:44:50 -0400
Subject: Changed to escape using PDO::quote()
---
 system/database/drivers/pdo/pdo_driver.php | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)
(limited to 'system/database/drivers')
diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php
index 244a15e1e..568819a08 100644
--- a/system/database/drivers/pdo/pdo_driver.php
+++ b/system/database/drivers/pdo/pdo_driver.php
@@ -308,19 +308,12 @@ class CI_DB_pdo_driver extends CI_DB {
 return $str;
 }
-
- // Remove invisible characters
- $str = remove_invisible_characters($str);
- //Make sure to escape slashes and quotes
- $replace = array(
- "\\" => "\\\\",
- "'" => "\\'",
- "\"" => "\\\"",
- );
-
- $str = strtr($str, $replace);
+ //Escape the string
+ $str = $this->conn_id->quote($str);
+ //If there are duplicated quotes, trim them away
+ $str = substr($str, 1, -1);
 // escape LIKE condition wildcards
 if ($like === TRUE)
-- 
cgit v1.2.3-24-g4f1b
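Review bot: The added `$str = substr($str, 1, -1);` runs unconditionally on whatever `$this->conn_id->quote($str)` returned, although the comment above it says the trim happens only "if there are duplicated quotes". PDO::quote() returns FALSE on drivers that do not support quoting, in which case the value silently becomes an empty string, and a driver whose quoted form is not wrapped in exactly one delimiter character on each side would lose real data. Keep the result in a temporary, fail with a database error when it is FALSE, and strip only when the delimiter is present: `$quoted = $this->conn_id->quote($str);` then `$str = (strpos($quoted, "'") === 0) ? substr($quoted, 1, -1) : $quoted;`. The stripped value is presumably safe only if the caller re-wraps it in single quotes on the same connection, since the escaping style is now driver-specific; a comment such as `// result must be re-wrapped in single quotes by the caller; escaping is driver-specific` would record that. The enclosing method starts and ends outside the hunk, so its callers are not visible here.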