Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Development Issues pdo_driver.php, _escape_str($str) keeps returning FALSE
pdo_driver.php, _escape_str($str) keeps returning FALSE
  • Offline fled
    Newbie
  • *
  • Posts: 2
    Threads: 1
    Joined: Aug 2017
    Reputation: 0
#3
08-10-2017, 09:05 AM

(08-10-2017, 07:56 AM)Narf Wrote: quote() isn't declared by CI, that's a PDO method (conn_id is a PDO instance, which you're not supposed to use directly).

Either way, escaping while using ODBC is impossible.

This is what I did to bypass this situation in system/database/drivers/pdo/pdo_driver.php:

Code:
protected function _escape_str($str)
{
   // Modification by FLED 2017-08-10
   // Escape the string
   $strQuote = $this->conn_id->quote($str);

   // Modification by FLED 2017-08-10
   // Some times conn_id->quote returns FALSE when using PDO driver
   $str = ($strQuote !== false) ? $strQuote : my_real_escape_string($str);

   // If there are duplicated quotes, trim them away
   return ($str[0] === "'")
       ? substr($str, 1, -1)
       : $str;
}

and found this function to escape the string without being connected.

Code:
/**
* Replace mysql_real_escape_string() in the case we would want to escape without
* beeing connected.
* Found on: http://php.net/manual/fr/function.mysql-real-escape-string.php
*
* @param  string  $str String to escape
* @return string
*******************************************************************************/
function my_real_escape_string($str){
 if(is_array($str))
     return array_map(__METHOD__, $str);

 if(!empty($str) && is_string($str)) {
     return str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $str);
 }

 return $str;  
}

"conn_id is a PDO instance, which you're not supposed to use directly".
I'm not accessing anything with my code, this is found in [protected function _escape_str($str)] in pdo_driver.php, called by [public function escape($str)], which is called by [protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = NULL)] in DB_query_builder...

$this->conn_id, gives me: [object(PDO)] in debug mode and connection to DB is alive since I'm getting results from DB...

Pretty strange...

With these modifications, everything is now working, but why should I use such a bypass?
why [$strQuote = $this->conn_id->quote($str);] always return FALSE?

Thanks
Reply


Messages In This Thread
RE: pdo_driver.php, _escape_str($str) keeps returning FALSE - by fled - 08-10-2017, 09:05 AM



Theme © iAndrew 2016 - Forum software by © MyBB