Fix a PostgreSQL string escaping bug and use pg_escape_literal() when possible
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index dbf7c6b..b72fb87 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -331,7 +331,7 @@
*/
protected function _escape_str($str)
{
- return pg_escape_string($str);
+ return pg_escape_string($this->conn_id, $str);
}
// --------------------------------------------------------------------
@@ -346,7 +346,11 @@
*/
public function escape($str)
{
- if (is_bool($str))
+ if (is_php('5.4.4') && (is_string($str) OR (is_object($str) && method_exists($str, '__toString'))))
+ {
+ return pg_escape_literal($this->conn_id, $str);
+ }
+ elseif (is_bool($str))
{
return ($str) ? 'TRUE' : 'FALSE';
}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 9803665..357ecc1 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -199,6 +199,7 @@
- Removed ``limit()`` and ``order_by()`` support for *UPDATE* and *DELETE* queries as PostgreSQL does not support those features.
- Added a work-around for dead persistent connections to be re-created after a database restart.
- Changed ``db_connect()`` to include the (new) **schema** value into Postgre's **search_path** session variable.
+ - ``pg_escape_literal()`` is now used for escaping strings, if available.
- Improved support of the CUBRID driver, including:
@@ -612,6 +613,7 @@
- Fixed an edge case (#2583) in the :doc:`Email Library <libraries/email>` where `Suhosin <http://www.hardened-php.net/suhosin/>` blocked messages sent via ``mail()`` due to trailing newspaces in headers.
- Fixed a bug (#2590) - :php:func:`log_message()` didn't actually cache the ``CI_Log`` class instance.
- Fixed a bug (#2609) - :php:func:`get_config()` optional argument was only effective on first function call. Also, it can now add items, in addition to updating existing items.
+- Fixed a bug in the 'postgre' :doc:`database <database/index>` driver where the connection ID wasn't passed to ``pg_escape_string()``.
Version 2.1.4
=============