Query binding bug

[eluser]miau[/eluser]
Hi, I found a bug in query binding.
The following code:
Code:
$test = "test\\";   // PHP double-quoted literal: "test" followed by a single backslash
$this->db->query("insert into test(name) values (?)", array($test));
will not work, because during binding one of the backslashes disappears.
It happens in compile_binds() (DB_driver.php) in this line:
Code:
$sql = preg_replace("#".preg_quote($this->bind_marker, '#')."#", str_replace('$', '\$', $val), $sql, 1);
($val has already been escaped at this point)

My solution is to replace the code from above with this:
Code:
$pos = strpos($sql, $this->bind_marker);   // position of the first bind marker
$part1 = substr($sql, 0, $pos);            // SQL before the marker
$part2 = substr($sql, $pos+1);             // SQL after the marker
$sql = $part1 . $val . $part2;             // splice the escaped value in verbatim
As a bonus you might save a few CPU cycles, because strpos and substr should be a little faster than regular expressions (this is my blind guess, I didn't run any tests and I don't see any need for them, because the speed difference would be very small).

Greetings!
miau
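
A self-contained comparison of the two binding approaches, added here as an illustration; it is not code from this thread or from CodeIgniter's DB_driver.php. bind_preg, bind_splice and the pre-escaped sample values are assumptions, and the splice version generalises the post's fix by using the marker length and checking that a marker is present.

```php
<?php
// Added illustration, not CodeIgniter's own code. Both functions take a value
// that has already been escaped and quoted for SQL (the state $val is in when
// compile_binds() runs) and put it in place of the first bind marker.

// The original approach: preg_replace with only '$' escaped in the replacement.
function bind_preg($sql, $val, $marker = '?')
{
    // preg_replace interprets its replacement string: "\\" becomes "\" and
    // "\$" becomes "$", so a backslash in $val is lost while a '$' survives.
    $repl = str_replace('$', '\$', $val);
    return preg_replace('#' . preg_quote($marker, '#') . '#', $repl, $sql, 1);
}

// The post's fix, generalised: splice the value in at the marker position.
// No replacement-string interpretation happens, so $val is copied verbatim.
function bind_splice($sql, $val, $marker = '?')
{
    $pos = strpos($sql, $marker);
    if ($pos === false) {
        return $sql;                      // no marker left to bind
    }
    return substr($sql, 0, $pos) . $val . substr($sql, $pos + strlen($marker));
}

$sql = "insert into test(name) values (?)";

// Constructed sample: the post's value "test\" after escaping and quoting,
// i.e. the eight characters 'test\\' (the literal below yields exactly that).
$escaped = "'test\\\\'";

echo bind_preg($sql, $escaped), "\n";     // one backslash dropped: the closing
                                          // quote is now escaped, query breaks
echo bind_splice($sql, $escaped), "\n";   // both backslashes kept, query valid

// A value containing '$' shows why the original code escaped it: without the
// str_replace, "$1" in the replacement would be read as a back-reference.
$dollar = "'price \$1'";
echo bind_preg($sql, $dollar), "\n";      // '$' survives thanks to str_replace
echo bind_splice($sql, $dollar), "\n";    // same result, no special-casing needed
```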


Messages In This Thread
Query binding bug - by El Forum - 11-08-2007, 05:46 PM
Query binding bug - by El Forum - 02-04-2008, 02:45 AM
