[geeklog-hg] geeklog: Introduced DB_escapeString (feature request #0001146)
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Mon Jan 21 08:50:54 EST 2013
changeset 8924:44b55b16dea8
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/44b55b16dea8
user: Kenji ITO <mystralkk at gmail.com>
date: Mon Jan 21 22:49:35 2013 +0900
description:
Introduced DB_escapeString (feature request #0001146)
diffstat:
system/databases/mssql.class.php | 20 +++++++++++++++++++-
system/databases/mysql.class.php | 18 ++++++++++++++++++
system/databases/mysqli.class.php | 32 +++++++++++++++++++++-----------
system/databases/pgsql.class.php | 18 ++++++++++++++++++
system/lib-database.php | 13 +++++++++++++
5 files changed, 89 insertions(+), 12 deletions(-)
diffs (164 lines):
diff -r d89701cc9d65 -r 44b55b16dea8 system/databases/mssql.class.php
--- a/system/databases/mssql.class.php Mon Jan 21 22:23:52 2013 +0900
+++ b/system/databases/mssql.class.php Mon Jan 21 22:49:35 2013 +0900
@@ -1176,7 +1176,25 @@
$v = $this->dbFetchArray($q, true);
return $v[0];
}
-
+
+ /**
+ * Escapes a string so that it can be safely used in a query
+ *
+ * @param string $str a string to be escaped
+ * @param boolean $isEnclose whether to enclose the string with "'"
+ * @return string
+ */
+ function dbEscapeString($str, $isEnclose = TRUE)
+ {
+ $retval = str_replace("'", "''", $str);
+
+ if ($isEnclose) {
+ $retval = "'" . $retval . "'";
+ }
+
+ return $retval;
+ }
+
}//end class
?>
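Review bot: The docblock promises a string that "can be safely used in a query", but when `$isEnclose` is FALSE the output of `str_replace("'", "''", $str)` is only safe if the caller places it inside a single-quoted literal. It gives no protection when the value ends up in a numeric, identifier or LIKE-pattern position. I would add to the docblock `* Note: with $isEnclose = FALSE the caller must wrap the result in single quotes; numeric values and column names need separate validation.` The same docblock is repeated in the mysql, mysqli and pgsql classes and on DB_escapeString in lib-database.php, so the caveat belongs there too.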
diff -r d89701cc9d65 -r 44b55b16dea8 system/databases/mysql.class.php
--- a/system/databases/mysql.class.php Mon Jan 21 22:23:52 2013 +0900
+++ b/system/databases/mysql.class.php Mon Jan 21 22:49:35 2013 +0900
@@ -830,6 +830,24 @@
return @mysql_get_server_info();
}
+ /**
+ * Escapes a string so that it can be safely used in a query
+ *
+ * @param string $str a string to be escaped
+ * @param boolean $isEnclose whether to enclose the string with "'"
+ * @return string
+ */
+ function dbEscapeString($str, $isEnclose = TRUE)
+ {
+ $retval = mysql_real_escape_string($str, $this->_db);
+
+ if ($isEnclose) {
+ $retval = "'" . $retval . "'";
+ }
+
+ return $retval;
+ }
+
}
?>
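Review bot: `mysql_real_escape_string()` returns FALSE on failure (for example when the link in `$this->_db` is not usable), and the concatenation in the `$isEnclose` branch then turns that into the literal `''`, so the query runs with an empty string instead of the caller's value. The failure should be checked before quoting, e.g. `if ($retval === FALSE) { trigger_error('dbEscapeString: escaping failed', E_USER_ERROR); }`, or routed through whatever error handling the class already uses, which is not visible in this hunk.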
diff -r d89701cc9d65 -r 44b55b16dea8 system/databases/mysqli.class.php
--- a/system/databases/mysqli.class.php Mon Jan 21 22:23:52 2013 +0900
+++ b/system/databases/mysqli.class.php Mon Jan 21 22:49:35 2013 +0900
@@ -344,8 +344,8 @@
$retval .= ' WHERE ';
for ($i = 1; $i <= $num_ids; $i ++) {
- $retval .= current($id) . " = '"
- . $this->dbEscape(current($value)) . "'";
+ $retval .= current($id) . " = "
+ . $this->dbEscapeString(current($value));
if ($i !== $num_ids) {
$retval .= " AND ";
}
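Review bot: The value side of each condition is now escaped and quoted, but `current($id)` is still concatenated as a column name with no validation, and dbEscapeString cannot make an identifier safe. If any caller can pass request-derived keys in `$id` (not visible here; the enclosing function starts and ends outside the hunk), the WHERE clause stays injectable. A comment above the loop such as `// $id must contain only fixed column names; values are escaped, identifiers are not` would document the contract, and an allow-list check on the column names would enforce it.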
@@ -765,15 +765,6 @@
return $this->_db->server_info;
}
- public function dbEscape($value, $is_numeric = FALSE)
- {
- if (!$is_numeric) {
- $value = $this->_db->escape_string($value);
- }
-
- return $value;
- }
-
public function dbStartTransaction()
{
return $this->_db->autocommit(FALSE);
@@ -788,6 +779,25 @@
{
return $this->_db->rollback();
}
+
+ /**
+ * Escapes a string so that it can be safely used in a query
+ *
+ * @param string $str a string to be escaped
+ * @param boolean $isEnclose whether to enclose the string with "'"
+ * @return string
+ */
+ public function dbEscapeString($str, $isEnclose = TRUE)
+ {
+ $retval = $this->_db->real_escape_string($str);
+
+ if ($isEnclose) {
+ $retval = "'" . $retval . "'";
+ }
+
+ return $retval;
+ }
+
}
?>
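Review bot: `real_escape_string()` escapes according to the character set mysqli believes the connection uses, so it is reliable only when the charset was selected with `$this->_db->set_charset(...)` and not with a `SET NAMES` query. The connection setup is outside this hunk, so this may already be handled; if it is not, multi-byte encodings can defeat the escaping. I would record the dependency in the docblock: `* Relies on the connection charset having been set via set_charset().` The mysql class has the same dependency on `mysql_set_charset()`.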
diff -r d89701cc9d65 -r 44b55b16dea8 system/databases/pgsql.class.php
--- a/system/databases/pgsql.class.php Mon Jan 21 22:23:52 2013 +0900
+++ b/system/databases/pgsql.class.php Mon Jan 21 22:49:35 2013 +0900
@@ -911,6 +911,24 @@
return $v['server'];
}
+ /**
+ * Escapes a string so that it can be safely used in a query
+ *
+ * @param string $str a string to be escaped
+ * @param boolean $isEnclose whether to enclose the string with "'"
+ * @return string
+ */
+ function dbEscapeString($str, $isEnclose = TRUE)
+ {
+ $retval = pg_escape_string($this->_db, $str);
+
+ if ($isEnclose) {
+ $retval = "'" . $retval . "'";
+ }
+
+ return $retval;
+ }
+
}
?>
diff -r d89701cc9d65 -r 44b55b16dea8 system/lib-database.php
--- a/system/lib-database.php Mon Jan 21 22:23:52 2013 +0900
+++ b/system/lib-database.php Mon Jan 21 22:49:35 2013 +0900
@@ -662,5 +662,18 @@
return $_DB->dbGetVersion();
}
+/**
+* Escapes a string so that it can be safely used in a query
+*
+* @param string $str a string to be escaped
+* @param boolean $isEnclose whether to enclose the string with "'"
+* @return string
+*/
+function DB_escapeString($str, $isEnclose = TRUE)
+{
+ global $_DB;
+
+ return $_DB->dbEscapeString($str, $isEnclose);
+}
?>