CodeIgniter Forums
escape not working with active record and Oracle - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: escape not working with active record and Oracle (/thread-34037.html)



escape not working with active record and Oracle - El Forum - 09-16-2010

[eluser]Unknown[/eluser]
This is my first CI project. one reason I choose CI what for the cross DB library and the active records. I started out the project with MySql and then had t switch to Oracle.

The active record is not escaping an apostrophe. like in the string "you can't do that."

The code looks simple:
Code:
$comment = $this->input->post('CommentsDenial');
$this->db->set('REQ_DENY_COMMENT_DESC', $comment );

$this->db->where('REQ_OID_NBR', $reqId);
$dbRet = $this->db->update('REQUEST');

I get the error:
A PHP Error was encountered

Severity: Warning
Message: ociparse() [function.ociparse]: ORA-01756: quoted string not properly terminated
Filename: oci8/oci8_driver.php
Line Number: 186

I even tried to call escape first.
Code:
$this->db->set('REQ_DENY_COMMENT_DESC', $this->db->escape($comment) );

With a few debug statements I got this:
Code:
echo $comment . "<BR>";
echo $this->db->escape($comment)  . "<BR>";

Dale Pickering said on (09/15/2010 5:06 PM): you can't do that.
'Dale Pickering said on (09/15/2010 5:06 PM): you can't do that.'

All escape did was place single quotes around the whole string. the Apostrophe was not escaped!

So am I missing some settings or is this a bug (maybe with the oci8 driver)?


escape not working with active record and Oracle - El Forum - 01-14-2011

[eluser]Brad K Morse[/eluser]
change

Code:
$comment = $this->input->post('CommentsDenial');

to

Code:
$comment = str_replace("'", "''", $this->input->post('CommentsDenial'));



escape not working with active record and Oracle - El Forum - 01-26-2011

[eluser]MVUG[/eluser]
Maybe this can solve your problem:

http://ellislab.com/forums/viewthread/179202/


escape not working with active record and Oracle - El Forum - 02-03-2011

[eluser]Unknown[/eluser]
I found another way of handeling the escaped problem in oracle.

Within the system -> database -> drivers -> oci8 -> oci8_driver.php
have added this line:
Code:
$str = str_replace("'", "''", $str);
in the escape_str function
Code:
function escape_str($str, $like = FALSE)
    {
        if (is_array($str))
        {
            foreach($str as $key => $val)
            {
                $str[$key] = $this->escape_str($val, $like);
            }

            return $str;
        }

        $str = remove_invisible_characters($str);
        $str = str_replace("'", "''", $str);  

        // escape LIKE condition wildcards
        if ($like === TRUE)
        {
            $str = str_replace(    array('%', '_', $this->_like_escape_chr),
                                array($this->_like_escape_chr.'%', $this->_like_escape_chr.'_', $this->_like_escape_chr.$this->_like_escape_chr),
                                $str);
        }

        return $str;
    }