Fixed LIKE statement escaping issues
diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php
index 19e069b..4c911aa 100644
--- a/system/database/drivers/pdo/pdo_driver.php
+++ b/system/database/drivers/pdo/pdo_driver.php
@@ -28,6 +28,7 @@
* @author ExpressionEngine Dev Team
* @link http://codeigniter.com/user_guide/database/
*/
+
class CI_DB_pdo_driver extends CI_DB {
var $dbdriver = 'pdo';
@@ -36,7 +37,7 @@
var $_escape_char = '';
var $_like_escape_str;
var $_like_escape_chr;
-
+
/**
* The syntax to count rows is slightly different across different
@@ -50,7 +51,7 @@
function __construct($params)
{
parent::__construct($params);
-
+
// clause and character used for LIKE escape sequences
if (strpos($this->hostname, 'mysql') !== FALSE)
{
@@ -67,7 +68,7 @@
$this->_like_escape_str = " ESCAPE '%s' ";
$this->_like_escape_chr = '!';
}
-
+
$this->hostname = $this->hostname . ";dbname=".$this->database;
$this->trans_enabled = FALSE;
@@ -179,7 +180,7 @@
{
$sql = $this->_prep_query($sql);
$result_id = $this->conn_id->query($sql);
-
+
if (is_object($result_id))
{
$this->affect_rows = $result_id->rowCount();
@@ -188,7 +189,7 @@
{
$this->affect_rows = 0;
}
-
+
return $result_id;
}
@@ -308,16 +309,16 @@
return $str;
}
-
+
//Escape the string
$str = $this->conn_id->quote($str);
-
+
//If there are duplicated quotes, trim them away
if (strpos($str, "'") === 0)
{
$str = substr($str, 1, -1);
}
-
+
// escape LIKE condition wildcards
if ($like === TRUE)
{
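Review bot: The context lines of this hunk use the result of `$this->conn_id->quote($str)` without checking it, and PDO::quote() returns FALSE for drivers that do not support quoting, so the `strpos`/`substr` step that follows would carry an empty value forward as if it had been escaped. A guard directly after the call, such as `if ($str === FALSE) { /* driver cannot quote: fail the call instead of continuing */ }`, would make that case explicit; how the failure should be reported depends on the driver's error conventions, which are not visible here. The hunk itself changes only blank-line whitespace, so the escaping logic is as it was before the commit, even though the title describes a LIKE escaping fix. The `$like === TRUE` branch and the rest of the function continue outside the hunk, so the wildcard handling cannot be checked from these lines.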
@@ -519,7 +520,7 @@
if (strpos($item, '.') !== FALSE)
{
$str = $this->_escape_char.str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item).$this->_escape_char;
-
+
}
else
{
@@ -569,7 +570,7 @@
{
return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES (".implode(', ', $values).")";
}
-
+
// --------------------------------------------------------------------
/**
@@ -622,7 +623,7 @@
return $sql;
}
-
+
// --------------------------------------------------------------------
/**
@@ -764,7 +765,7 @@
{
$sql .= " OFFSET ".$offset;
}
-
+
return $sql;
}
}