escape not working with active record and Oracle
#1

[eluser]Unknown[/eluser]
This is my first CI project. One reason I chose CI was for the cross-DB library and the active records. I started out the project with MySQL and then had to switch to Oracle.

The active record is not escaping an apostrophe, like in the string "you can't do that."

The code looks simple:
Code:
$comment = $this->input->post('CommentsDenial');
$this->db->set('REQ_DENY_COMMENT_DESC', $comment );

$this->db->where('REQ_OID_NBR', $reqId);
$dbRet = $this->db->update('REQUEST');

I get the error:
A PHP Error was encountered

Severity: Warning
Message: ociparse() [function.ociparse]: ORA-01756: quoted string not properly terminated
Filename: oci8/oci8_driver.php
Line Number: 186

I even tried to call escape first.
Code:
$this->db->set('REQ_DENY_COMMENT_DESC', $this->db->escape($comment) );

With a few debug statements I got this:
Code:
echo $comment . "<BR>";
echo $this->db->escape($comment)  . "<BR>";

Dale Pickering said on (09/15/2010 5:06 PM): you can't do that.
'Dale Pickering said on (09/15/2010 5:06 PM): you can't do that.'

All escape did was place single quotes around the whole string. The apostrophe was not escaped!

So am I missing some settings or is this a bug (maybe with the oci8 driver)?
#2

[eluser]Brad K Morse[/eluser]
change

Code:
$comment = $this->input->post('CommentsDenial');

to

Code:
$comment = str_replace("'", "''", $this->input->post('CommentsDenial'));
#3

[eluser]MVUG[/eluser]
Maybe this can solve your problem:

http://ellislab.com/forums/viewthread/179202/
#4

[eluser]Unknown[/eluser]
I found another way of handling the escape problem in Oracle.

Within system -> database -> drivers -> oci8 -> oci8_driver.php
I have added this line:
Code:
$str = str_replace("'", "''", $str);
in the escape_str function
Code:
function escape_str($str, $like = FALSE)
{
    if (is_array($str))
    {
        foreach($str as $key => $val)
        {
            $str[$key] = $this->escape_str($val, $like);
        }

        return $str;
    }

    $str = remove_invisible_characters($str);
    $str = str_replace("'", "''", $str);

    // escape LIKE condition wildcards
    if ($like === TRUE)
    {
        $str = str_replace(array('%', '_', $this->_like_escape_chr),
                           array($this->_like_escape_chr.'%', $this->_like_escape_chr.'_', $this->_like_escape_chr.$this->_like_escape_chr),
                           $str);
    }

    return $str;
}
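
The following is an added example, not part of any post in this thread and not CodeIgniter's own code. It shows why the wrapped-but-undoubled string from the first post leaves a literal open (ORA-01756) and why doubling the apostrophe yields a literal that decodes back to the original comment. The function names and the `42` row id are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not CodeIgniter or oci8 APIs.
// Quote a value as an Oracle string literal. Inside '...' the only escape
// is a doubled apostrophe; there is no backslash escape.
function oracle_quote_literal(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Reproduces the escape() output shown in the first post: quotes added, nothing doubled.
function wrap_only(string $value): string
{
    return "'" . $value . "'";
}

// Scan SQL text for '...' literals the way a SQL lexer does. Returns the decoded
// literal values, or null when a literal is left open (the ORA-01756 condition).
// Simplification: Oracle's q'[...]' alternative quoting is not handled.
function scan_string_literals(string $sql): ?array
{
    $literals = [];
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        if ($sql[$i] !== "'") { continue; }
        $buf = '';
        $closed = false;
        for ($i++; $i < $len; $i++) {
            if ($sql[$i] !== "'") {
                $buf .= $sql[$i];
            } elseif ($i + 1 < $len && $sql[$i + 1] === "'") {
                $buf .= "'";    // '' decodes to one apostrophe
                $i++;
            } else {
                $closed = true; // a lone ' ends the literal
                break;
            }
        }
        if (!$closed) { return null; }
        $literals[] = $buf;
    }
    return $literals;
}

$comment = "you can't do that.";  // string from the first post
$sql = "UPDATE REQUEST SET REQ_DENY_COMMENT_DESC = %s WHERE REQ_OID_NBR = 42"; // 42 is a constructed id
// The bare apostrophe closes the literal early, so the trailing quote opens one that never ends.
var_dump(scan_string_literals(sprintf($sql, wrap_only($comment))));
// Doubled apostrophe: a single closed literal that round-trips to the original comment.
var_dump(scan_string_literals(sprintf($sql, oracle_quote_literal($comment))) === [$comment]);
```

Doubling apostrophes only makes the literal well-formed. With the oci8 extension, passing the value through `oci_bind_by_name()` keeps it out of the SQL text entirely.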



