• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
pdo_driver.php, _escape_str($str) keeps returning FALSE

#1
Hi.

I'm currently encountering a weird problem with version 3.0.6 of CodeIgniter.

I have two setups, one for development and one for production. Both are not using the same driver (because of configuration problem on my development computer) but are connected to the same DB

Prod use [sqlsrv], while Dev use [PDO] with dsn params: ['dsn' => 'odbc:Driver={SQL Server};...]

While using the query builder, the string is escaped using [protected function _escape_str($str)] in pdo_driver.php
in this function, [$strQuote = $this->conn_id->quote($str)] always return FALSE.

Just to set the variables, I'm experiencing this problem only in my development environment which is using PDO

I'm using phpEd as code editor and debug tool, but I cannot enter [conn_id->quote($str)] in debug mode to understand what is the problem.  it keeps sending me FALSE without any errors nor exception output.

Can anyone tell me where this function is declared, or help me resolve this situation?
else, I will need to modify this core function, witch is not a very good idea...  

Thanks
Reply

#2
quote() isn't declared by CI, that's a PDO method (conn_id is a PDO instance, which you're not supposed to use directly).

Either way, escaping while using ODBC is impossible.
Reply

#3
(08-10-2017, 08:56 AM)Narf Wrote: quote() isn't declared by CI, that's a PDO method (conn_id is a PDO instance, which you're not supposed to use directly).

Either way, escaping while using ODBC is impossible.

This is what I did to bypass this situation in system/database/drivers/pdo/pdo_driver.php:

Code:
protected function _escape_str($str)
{
   // Modification by FLED 2017-08-10
   // Escape the string
   $strQuote = $this->conn_id->quote($str);

   // Modification by FLED 2017-08-10
   // Some times conn_id->quote returns FALSE when using PDO driver
   $str = ($strQuote !== false) ? $strQuote : my_real_escape_string($str);

   // If there are duplicated quotes, trim them away
   return ($str[0] === "'")
       ? substr($str, 1, -1)
       : $str;
}

and found this function to escape the string without being connected.

Code:
/**
* Replace mysql_real_escape_string() in the case we would want to escape without
* beeing connected.
* Found on: http://php.net/manual/fr/function.mysql-real-escape-string.php
*
* @param  string  $str String to escape
* @return string
*******************************************************************************/
function my_real_escape_string($str){
 if(is_array($str))
     return array_map(__METHOD__, $str);

 if(!empty($str) && is_string($str)) {
     return str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $str);
 }

 return $str;  
}

"conn_id is a PDO instance, which you're not supposed to use directly".
I'm not accessing anything with my code, this is found in [protected function _escape_str($str)] in pdo_driver.php, called by [public function escape($str)], which is called by [protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = NULL)] in DB_query_builder...

$this->conn_id, gives me: [object(PDO)] in debug mode and connection to DB is alive since I'm getting results from DB...

Pretty strange...

With these modifications, everything is now working, but why should I use such a bypass?
why [$strQuote = $this->conn_id->quote($str);] always return FALSE?

Thanks
Reply

#4
(08-10-2017, 10:05 AM)fled Wrote: With these modifications, everything is now working, but why should I use such a bypass?

No. When I said impossible, I really meant impossible.

Inconvenient, I know, but there's nothing anybody can do about this. It's a fundamental limitation of ODBC.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2017 MyBB Group.