Query binding bug - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: Query binding bug (/showthread.php?tid=4139) |
Query binding bug - El Forum - 11-08-2007 [eluser]miau[/eluser] Hi, I found a bug in query binding. The following code: Code: $test = "test\\"; It happens in compile_binds() (DB_driver.php) in this line: Code: $sql = preg_replace("#".preg_quote($this->bind_marker, '#')."#", str_replace('$', '\$', $val), $sql, 1); My solution is to replace the code from above with this: Code: $pos = strpos($sql, $this->bind_marker); Greetings! miau Query binding bug - El Forum - 02-04-2008 [eluser]Unknown[/eluser] This bug is also present in CI 1.6.0. I actually found and fixed it just last week (smarter guy would have looked here first and found the fix miau suggested). My own fix has the same idea as miau's. The only difference worth mentioning is using the offset parameter of strpos. The fixed loop in DB_driver::compile_binds is as follows: Code: $offset = 0; I really recommend that everyone use either of this fixes as the query binding isn't secure by default. |