added LIKE condition escaping to all drivers and Active Record
updated all DB drivers to accept arrays in escape_str()
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 42dd517..1fdb1bc 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -47,7 +47,11 @@
// The character used for excaping
var $_escape_char = '"';
-
+
+ // clause and character used for LIKE escape sequences
+ var $_like_escape_str = " escape '%s' ";
+ var $_like_escape_chr = '!';
+
/**
* The syntax to count rows is slightly different across different
* database engines, so this string appears in each driver and is
@@ -368,14 +372,35 @@
*
* @access public
* @param string
+ * @param bool whether or not the string will be used in a LIKE condition
* @return string
*/
- function escape_str($str)
+ function escape_str($str, $like = FALSE)
{
+ if (is_array($str))
+ {
+ foreach($str as $key => $val)
+ {
+ $str[$key] = $this->escape_str($val, $like);
+ }
+
+ return $str;
+ }
+
// Access the CI object
$CI =& get_instance();
- return $CI->input->_remove_invisible_characters($str);
+ $str = $CI->input->_remove_invisible_characters($str);
+
+ // escape LIKE condition wildcards
+ if ($like === TRUE)
+ {
+ $str = str_replace( array('%', '_', $this->_like_escape_chr),
+ array($this->_like_escape_chr.'%', $this->_like_escape_chr.'_', $this->_like_escape_chr.$this->_like_escape_chr),
+ $str);
+ }
+
+ return $str;
}
// --------------------------------------------------------------------