From 3a5efc291ac17a8a9886be25f6b430796969d154 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 20 Nov 2012 21:18:08 +0200 Subject: Fix issue #2015 --- system/database/DB_driver.php | 2 +- system/database/DB_query_builder.php | 17 ++-- .../drivers/pdo/subdrivers/pdo_pgsql_driver.php | 105 ++++----------------- system/database/drivers/postgre/postgre_driver.php | 85 ----------------- 4 files changed, 29 insertions(+), 180 deletions(-) (limited to 'system') diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 65ff792dc..9fcea39b6 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -985,7 +985,7 @@ abstract class CI_DB_driver { */ public function escape($str) { - if (is_string($str) OR method_exists($str, '__toString')) + if (is_string($str) OR (is_object($str) && method_exists($str, '__toString'))) { return "'".$this->escape_str($str)."'"; } diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 3154d148b..9bd535b0e 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -644,17 +644,11 @@ abstract class CI_DB_query_builder extends CI_DB_driver { ? $this->_group_get_type('') : $this->_group_get_type($type); - if (is_null($v) && ! $this->_has_operator($k)) - { - // value appears not to have been set, assign the test to IS NULL - $k .= ' IS NULL'; - } - if ( ! is_null($v)) { if ($escape === TRUE) { - $v = ' '.(is_int($v) ? $v : $this->escape($v)); + $v = ' '.$this->escape($v); } if ( ! $this->_has_operator($k)) @@ -662,6 +656,11 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $k .= ' = '; } } + elseif ( ! $this->_has_operator($k)) + { + // value appears not to have been set, assign the test to IS NULL + $k .= ' IS NULL'; + } $this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); if ($this->qb_caching === TRUE) @@ -2540,7 +2539,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { $str = trim($str); - if (empty($str)) + if (empty($str) OR ctype_digit($str) OR (string) (float) $str === $str OR in_array(strtoupper($str), array('TRUE', 'FALSE'), TRUE)) { return TRUE; } @@ -2553,7 +2552,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { ? array('"', "'") : array("'"); } - return (ctype_digit($str) OR in_array($str[0], $_str, TRUE)); + return in_array($str[0], $_str, TRUE); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php b/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php index 21edeebbd..803cc24e6 100644 --- a/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php +++ b/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php @@ -109,6 +109,26 @@ class CI_DB_pdo_pgsql_driver extends CI_DB_pdo_driver { // -------------------------------------------------------------------- + /** + * "Smart" Escape String + * + * Escapes data based on type + * + * @param string $str + * @return mixed + */ + public function escape($str) + { + if (is_bool($str)) + { + return ($str) ? 'TRUE' : 'FALSE'; + } + + return parent::escape($str); + } + + // -------------------------------------------------------------------- + /** * ORDER BY * @@ -311,91 +331,6 @@ class CI_DB_pdo_pgsql_driver extends CI_DB_pdo_driver { return $sql.' LIMIT '.$this->qb_limit.($this->qb_offset ? ' OFFSET '.$this->qb_offset : ''); } - // -------------------------------------------------------------------- - - /** - * WHERE, HAVING - * - * Called by where(), or_where(), having(), or_having() - * - * @param string 'qb_where' or 'qb_having' - * @param mixed - * @param mixed - * @param string - * @param bool - * @return object - */ - protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = NULL) - { - $qb_cache_key = ($qb_key === 'qb_having') ? 'qb_cache_having' : 'qb_cache_where'; - - if ( ! is_array($key)) - { - $key = array($key => $value); - } - - // If the escape value was not set will will base it on the global setting - is_bool($escape) OR $escape = $this->_protect_identifiers; - - foreach ($key as $k => $v) - { - $prefix = (count($this->$qb_key) === 0 && count($this->$qb_cache_key) === 0) - ? $this->_group_get_type('') - : $this->_group_get_type($type); - - if (is_null($v) && ! $this->_has_operator($k)) - { - // value appears not to have been set, assign the test to IS NULL - $k .= ' IS NULL'; - } - - if ( ! is_null($v)) - { - if (is_bool($v)) - { - $v = ' '.($v ? 'TRUE' : 'FALSE'); - } - elseif ($escape === TRUE) - { - $v = ' '.(is_int($v) ? $v : $this->escape($v)); - } - - if ( ! $this->_has_operator($k)) - { - $k .= ' = '; - } - } - - $this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); - if ($this->qb_caching === TRUE) - { - $this->{$qb_cache_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); - $this->qb_cache_exists[] = substr($qb_key, 3); - } - - } - - return $this; - } - - // -------------------------------------------------------------------- - - /** - * Is literal - * - * Determines if a string represents a literal value or a field name - * - * @param string $str - * @return bool - */ - protected function _is_literal($str) - { - $str = trim($str); - - return (empty($str) OR ctype_digit($str) OR $str[0] === "'" OR in_array($str, array('TRUE', 'FALSE'), TRUE)); - } - - } /* End of file pdo_pgsql_driver.php */ diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index 95cfb9778..02db8084e 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -337,7 +337,6 @@ class CI_DB_postgre_driver extends CI_DB { * "Smart" Escape String * * Escapes data based on type - * Sets boolean and null types * * @param string $str * @return mixed @@ -631,90 +630,6 @@ class CI_DB_postgre_driver extends CI_DB { // -------------------------------------------------------------------- - /** - * WHERE, HAVING - * - * Called by where(), or_where(), having(), or_having() - * - * @param string 'qb_where' or 'qb_having' - * @param mixed - * @param mixed - * @param string - * @param bool - * @return object - */ - protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = NULL) - { - $qb_cache_key = ($qb_key === 'qb_having') ? 'qb_cache_having' : 'qb_cache_where'; - - if ( ! is_array($key)) - { - $key = array($key => $value); - } - - // If the escape value was not set will will base it on the global setting - is_bool($escape) OR $escape = $this->_protect_identifiers; - - foreach ($key as $k => $v) - { - $prefix = (count($this->$qb_key) === 0 && count($this->$qb_cache_key) === 0) - ? $this->_group_get_type('') - : $this->_group_get_type($type); - - if (is_null($v) && ! $this->_has_operator($k)) - { - // value appears not to have been set, assign the test to IS NULL - $k .= ' IS NULL'; - } - - if ( ! is_null($v)) - { - if (is_bool($v)) - { - $v = ' '.($v ? 'TRUE' : 'FALSE'); - } - elseif ($escape === TRUE) - { - $v = ' '.(is_int($v) ? $v : $this->escape($v)); - } - - if ( ! $this->_has_operator($k)) - { - $k .= ' = '; - } - } - - $this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); - if ($this->qb_caching === TRUE) - { - $this->{$qb_cache_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); - $this->qb_cache_exists[] = substr($qb_key, 3); - } - - } - - return $this; - } - - // -------------------------------------------------------------------- - - /** - * Is literal - * - * Determines if a string represents a literal value or a field name - * - * @param string $str - * @return bool - */ - protected function _is_literal($str) - { - $str = trim($str); - - return (empty($str) OR ctype_digit($str) OR $str[0] === "'" OR in_array($str, array('TRUE', 'FALSE'), TRUE)); - } - - // -------------------------------------------------------------------- - /** * Close DB Connection * -- cgit v1.2.3-24-g4f1b