updated _list_tables() in db drivers to escape the db prefix for LIKE wildcards
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index c89e254..ddc036d 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -373,7 +373,7 @@
// for future compatibility
if ($prefix_limit !== FALSE AND $this->dbprefix != '')
{
- //$sql .= " LIKE '".$this->dbprefix."%'";
+ //$sql .= " LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_char);
return FALSE; // not currently supported
}
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 5b2ba62..2b05c3f 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -370,7 +370,7 @@
if ($prefix_limit !== FALSE AND $this->dbprefix != '')
{
- $sql .= " LIKE '".$this->dbprefix."%'";
+ $sql .= " LIKE '".$this->escape_like_str($this->dbprefix)."%'";
}
return $sql;
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 92d8711..6558112 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -371,7 +371,7 @@
if ($prefix_limit !== FALSE AND $this->dbprefix != '')
{
- $sql .= " LIKE '".$this->dbprefix."%'";
+ $sql .= " LIKE '".$this->escape_like_str($this->dbprefix)."%'";
}
return $sql;
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 1fdb1bc..4dfec2e 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -477,7 +477,7 @@
if ($prefix_limit !== FALSE AND $this->dbprefix != '')
{
- $sql .= " WHERE TABLE_NAME LIKE '".$this->dbprefix."%'";
+ $sql .= " WHERE TABLE_NAME LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_char);
}
return $sql;
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index a14aaa1..f7db4ca 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -346,7 +346,7 @@
if ($prefix_limit !== FALSE AND $this->dbprefix != '')
{
- //$sql .= " LIKE '".$this->dbprefix."%'";
+ //$sql .= " LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_char);
return FALSE; // not currently supported
}
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index 8d0d890..4bc5b7d 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -386,7 +386,7 @@
if ($prefix_limit !== FALSE AND $this->dbprefix != '')
{
- $sql .= " AND table_name LIKE '".$this->dbprefix."%'";
+ $sql .= " AND table_name LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_char);
}
return $sql;
diff --git a/system/database/drivers/sqlite/sqlite_driver.php b/system/database/drivers/sqlite/sqlite_driver.php
index 104a3bc..bb1e6d0 100644
--- a/system/database/drivers/sqlite/sqlite_driver.php
+++ b/system/database/drivers/sqlite/sqlite_driver.php
@@ -358,7 +358,7 @@
if ($prefix_limit !== FALSE AND $this->dbprefix != '')
{
- $sql .= " AND 'name' LIKE '".$this->dbprefix."%'";
+ $sql .= " AND 'name' LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_char);
}
return $sql;
}