Fix issue #136 (MySQL escape_like_str())
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 161f995..d801a9a 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -47,7 +47,7 @@
// clause and character used for LIKE escape sequences - not used in MySQL
protected $_like_escape_str = '';
- protected $_like_escape_chr = '';
+ protected $_like_escape_chr = '\\';
/**
* The syntax to count rows is slightly different across different
@@ -291,7 +291,9 @@
// escape LIKE condition wildcards
if ($like === TRUE)
{
- return str_replace(array('%', '_'), array('\\%', '\\_'), $str);
+ return str_replace(array($this->_like_escape_chr, '%', '_'),
+ array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
+ $str);
}
return $str;
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 9261883..61761e0 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -47,7 +47,7 @@
// clause and character used for LIKE escape sequences - not used in MySQL
protected $_like_escape_str = '';
- protected $_like_escape_chr = '';
+ protected $_like_escape_chr = '\\';
/**
* The syntax to count rows is slightly different across different
@@ -291,7 +291,9 @@
// escape LIKE condition wildcards
if ($like === TRUE)
{
- return str_replace(array('%', '_'), array('\\%', '\\_'), $str);
+ return str_replace(array($this->_like_escape_chr, '%', '_'),
+ array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
+ $str);
}
return $str;
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 5407fb0..4b8a0f2 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -195,7 +195,7 @@
- Fixed a bug in the :doc:`Session Library <libraries/sessions>` where a PHP E_NOTICE error was triggered by _unserialize() due to results from databases such as MSSQL and Oracle being space-padded on the right.
- Fixed a bug (#501) - set_rules() to check if the request method is not 'POST' before aborting, instead of depending on count($_POST) in the :doc:`Form Validation Library <libraries/form_validation>`.
- Fixed a bug (#940) - csrf_verify() used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid.
-- Fixed a bug in PostgreSQL's escape_str() where it didn't properly escape LIKE wild characters.
+- Fixed a bug (#136) - PostgreSQL, MySQL and MySQLi's escape_str() method didn't properly escape LIKE wild characters.
- Fixed a bug in the library loader where some PHP versions wouldn't execute the class constructor.
- Fixed a bug (#88) - An unexisting property was used for configuration of the Memcache cache driver.
- Fixed a bug (#14) - create_database() method in the :doc:`Database Forge Library <database/forge>` didn't utilize the configured database character set.