added removal of non-printing characters to escape_str() of drivers that do not have native PHP escaping mechanisms
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 98c03c5..5ac90b4 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -214,7 +214,7 @@
function escape_str($str)
{
// Escape single quotes
- return str_replace("'", "''", $str);
+ return str_replace("'", "''", $this->input->_remove_invisible_characters($str));
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index d6bc512..765c3f6 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -366,7 +366,7 @@
*/
function escape_str($str)
{
- return $str;
+ return $this->input->_remove_invisible_characters($str);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index 6471716..f89000d 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -235,7 +235,7 @@
function escape_str($str)
{
// ODBC doesn't require escaping
- return $str;
+ return $this->input->_remove_invisible_characters($str);
}
// --------------------------------------------------------------------