escape_str in mysql - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: escape_str in mysql (/showthread.php?tid=3316) |
escape_str in mysql - El Forum - 09-24-2007 [eluser]displaynone[/eluser] I have been looking for a similar bug, but I don't find it, so I decide to write a new one. When I try to escape a string using escape_str function, I get incorrect results. For example: Code: $query = $this->db->query('insert into table values (?, ?)', array('value1', 'value2 /\/\/\')); Code: insert into table values ('value1', 'value2 /\/\/\') The escape_str function is this: Code: function escape_str($str) Thanks for your time and sorry for my english escape_str in mysql - El Forum - 09-24-2007 [eluser]displaynone[/eluser] Sorry!! I was wrong when I talk about the code of escape_str in MySQL, it's mssql code, but I don't get a correct string escaped yet. escape_str in mysql - El Forum - 09-24-2007 [eluser]displaynone[/eluser] In the DB_driver.php, in the function compile_binds, when the char "?" is replaced by the bind, it removes the slashes "\". I add this into my CI code: Code: $sql = preg_replace('#'.preg_quote($this->bind_marker, '#').'#', str_replace('\\', '\\\\',str_replace('$', '\$', $val)), $sql, 1); Is this ok? |