(08-10-2017, 07:56 AM)Narf Wrote: quote() isn't declared by CI, that's a PDO method (conn_id is a PDO instance, which you're not supposed to use directly).
Either way, escaping while using ODBC is impossible.
This is what I did to bypass this situation in system/database/drivers/pdo/pdo_driver.php:
Code:
protected function _escape_str($str)
{
// Modification by FLED 2017-08-10
// Escape the string
$strQuote = $this->conn_id->quote($str);
// Modification by FLED 2017-08-10
// Some times conn_id->quote returns FALSE when using PDO driver
$str = ($strQuote !== false) ? $strQuote : my_real_escape_string($str);
// If there are duplicated quotes, trim them away
return ($str[0] === "'")
? substr($str, 1, -1)
: $str;
}
and found this function to escape the string without being connected.
Code:
/**
* Replace mysql_real_escape_string() in the case we would want to escape without
* beeing connected.
* Found on: http://php.net/manual/fr/function.mysql-real-escape-string.php
*
* @param string $str String to escape
* @return string
*******************************************************************************/
function my_real_escape_string($str){
if(is_array($str))
return array_map(__METHOD__, $str);
if(!empty($str) && is_string($str)) {
return str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $str);
}
return $str;
}
"conn_id is a PDO instance, which you're not supposed to use directly".
I'm not accessing anything with my code, this is found in [protected function _escape_str($str)] in pdo_driver.php, called by [public function escape($str)], which is called by [protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = NULL)] in DB_query_builder...
$this->conn_id, gives me: [object(PDO)] in debug mode and connection to DB is alive since I'm getting results from DB...
Pretty strange...
With these modifications, everything is now working, but why should I use such a bypass?
why [$strQuote = $this->conn_id->quote($str);] always return FALSE?
Thanks