[eluser]miau[/eluser]
Hi, I found a bug in query binding.
The following code:
Code:
// In PHP source "test\\" is the five-character string test\ (one trailing backslash)
$test = "test\\";
$this->db->query("insert into test(name) values (?)", array($test));
will not work because during binding one of the backslashes disappears.
It happens in compile_binds() (DB_driver.php) in this line:
Code:
$sql = preg_replace("#".preg_quote($this->bind_marker, '#')."#", str_replace('$', '\$', $val), $sql, 1);
($val is the value after escaping)
My solution is to replace the code from above with this:
Code:
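// Splice the escaped value in at the first bind marker; the value is copied as-is
$pos = strpos($sql, $this->bind_marker);
if ($pos !== FALSE)
{
    $part1 = substr($sql, 0, $pos);
    $part2 = substr($sql, $pos + strlen($this->bind_marker));
    $sql = $part1 . $val . $part2;
}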
As a bonus you might save a few CPU cycles, because strpos and substr should be a little faster than regular expressions.
(This is my blind guess, I didn't run any tests and I don't see any need for this, because the speed difference would be very small.)
Greetings!
miau
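
A stand-alone reproduction of the behaviour described in this post, added here as an example and not taken from the post or from CodeIgniter: it binds a few constructed values with the regex call and with a string splice, and checks whether the escaped literal reaches the SQL unchanged. `escape_value()` (built on `addslashes()`), the function names and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example, not CodeIgniter's code. escape_value() is a hypothetical
// stand-in for the driver's escaping (backslash-escape, then single-quote).
function escape_value($val)
{
    return "'" . addslashes($val) . "'";
}

// Binding as in the quoted compile_binds() line: preg_replace() parses its
// replacement argument, so an escaped backslash pair collapses to one.
function bind_with_regex($sql, $val, $marker = '?')
{
    $pattern = '#' . preg_quote($marker, '#') . '#';
    return preg_replace($pattern, str_replace('$', '\$', $val), $sql, 1);
}

// Binding by plain string splicing: the value is copied byte for byte.
function bind_with_splice($sql, $val, $marker = '?')
{
    $pos = strpos($sql, $marker);
    if ($pos === false) {
        return $sql; // no marker left, leave the statement untouched
    }
    return substr($sql, 0, $pos) . $val . substr($sql, $pos + strlen($marker));
}

// Regression check: the escaped literal must appear verbatim in the result.
function binding_preserves($binder, $raw)
{
    $sql = 'insert into test(name) values (?)';
    $val = escape_value($raw);
    return $binder($sql, $val) === str_replace('?', $val, $sql);
}

// Constructed sample inputs: trailing backslash, inner backslash, dollar sign.
$samples = array("test\\", "a\\b", 'cost $1', 'plain');
foreach ($samples as $raw) {
    printf(
        "%-8s regex=%s splice=%s\n",
        $raw,
        binding_preserves('bind_with_regex', $raw) ? 'ok' : 'CHANGED',
        binding_preserves('bind_with_splice', $raw) ? 'ok' : 'CHANGED'
    );
}
```

A row marked CHANGED means the SQL literal differs from what the escaping routine produced, so the escaping can no longer be relied on for that value. A check of this shape is worth keeping as a regression test for any query-binding code.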