+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=22)
+--- Thread: Oracle escape_str() function is not complete (/showthread.php?tid=58080)
Oracle escape_str() function is not complete - El Forum - 05-13-2013
[eluser]MonkeyZeus[/eluser]
I have been working with CodeIgniter 2.1.3 for a few weeks now and have ran into the issue that the OCI8 driver does not escape single-quotes.
My current solution is to modify the escape_str() function in oci8_driver.php and add the following line of code:
Code:
// escape literal single-quotes
$str = str_replace("'", "''", $str);Complete function:
Code:
public function escape_str($str, $like = FALSE)
{
if (is_array($str))
{
foreach ($str as $key => $val)
{
$str[$key] = $this->escape_str($val, $like);
}
return $str;
}
$str = remove_invisible_characters($str);
// escape literal single-quotes
$str = str_replace("'", "''", $str);
// escape LIKE condition wildcards
if ($like === TRUE)
{
$str = str_replace( array('%', '_', $this->_like_escape_chr),
array($this->_like_escape_chr.'%', $this->_like_escape_chr.'_', $this->_like_escape_chr.$this->_like_escape_chr),
$str);
}
return $str;
}I know this probably isn't best practice but I cannot imagine a situation where I would not need to escape single quotes. I am also keeping full documentation of changes made to the system folder so that upgrading can be performed more smoothly.