[ci 1.7.3] Oracle active record escaping
#1

MVUG
CI 1.7.3 does not do escaping very well (when using activerecord). Does anybody have a fix for this?

Queries like: INSERT INTO table (nr, data) VALUES (1, 'test's');


Also check this: http://ellislab.com/forums/viewthread/167638/
#2

MVUG
OK, I solved the problem... Oracle uses ' (quotes) to escape quotes... So the query looks like:
INSERT INTO table (nr, data) VALUES (1, 'test''s');

I updated 1 function (escape_str) in system/database/drivers/oci8/oci8_driver.php.

Code:
    /**
     * Escape String
     *
     * @access  public
     * @param   string
     * @param    bool    whether or not the string will be used in a LIKE condition
     * @return  string
     */
    function escape_str($str, $like = FALSE)
    {
        if (is_array($str))
        {
            foreach($str as $key => $val)
            {
                $str[$key] = $this->escape_str($val, $like);
            }

            return $str;
        }

        $str = remove_invisible_characters($str);
        $str = str_replace("'", "''", $str);

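        // escape LIKE condition wildcards
        // (escape character first: str_replace() applies the pairs in order,
        // so replacing it last would double the ones just added before % and _)
        if ($like === TRUE)
        {
            $str = str_replace(    array($this->_like_escape_chr, '%', '_'),
                                array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
                                $str);
        }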

        return $str;
    }

I added
Code:
$str = str_replace("'", "''", $str);
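Added example (not part of the original posts and not CodeIgniter code): a standalone PHP sketch of the quote doubling described above, plus LIKE wildcard escaping with an ESCAPE clause, checked against constructed values. The function names and the `!` escape character are assumptions made for this illustration.

```php
<?php
// Added illustration; function names and the '!' escape character are assumed.

/** Double single quotes so the value is safe inside an Oracle '...' literal. */
function oracle_quote_literal(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

/**
 * Escape LIKE wildcards, then quote. The escape character is handled first:
 * str_replace() applies array pairs in order, so escaping it last would
 * double the escape characters just inserted before % and _.
 */
function oracle_like_contains(string $value, string $esc = '!'): string
{
    $escaped = str_replace(
        array($esc, '%', '_'),
        array($esc . $esc, $esc . '%', $esc . '_'),
        $value
    );
    return oracle_quote_literal('%' . $escaped . '%') . " ESCAPE '" . $esc . "'";
}

// Constructed sample values paired with the literal each should produce.
$cases = array(
    array(oracle_quote_literal("test's"), "'test''s'"),
    array(oracle_quote_literal("O'Neil's"), "'O''Neil''s'"),
    array(oracle_like_contains("50%_off's!"), "'%50!%!_off''s!!%' ESCAPE '!'"),
);
foreach ($cases as $case) {
    list($got, $want) = $case;
    if ($got !== $want) {
        throw new RuntimeException("got $got, want $want");
    }
    echo $got, PHP_EOL;
}

// The INSERT from the thread, built with the escaped literal.
echo 'INSERT INTO table (nr, data) VALUES (1, ',
    oracle_quote_literal("test's"), ');', PHP_EOL;
```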



