Changeset 2193

Timestamp:

02/28/2008 09:47:34 PM (9 months ago)

Author:

zombor

Message:

Adding support for configurable database value escaping

Location:

trunk/system/libraries/drivers

Files:

• Database.php (modified) (1 diff)
• Database/Mssql.php (modified) (2 diffs)
• Database/Mysql.php (modified) (3 diffs)
• Database/Mysqli.php (modified) (1 diff)
• Database/Pdosqlite.php (modified) (3 diffs)
• Database/Pgsql.php (modified) (3 diffs)

trunk/system/libraries/drivers/Database.php

@@ -278 +278 @@
         public function escape($value)
         {
+                if (!$this->db_config['escape'])
+                        return $value;
+
                 switch (gettype($value))
                 {

trunk/system/libraries/drivers/Database/Mssql.php

@@ -124 +124 @@
         public function escape_column($column)
         {
+                if (!$this->config['escape'])
+                        return $column;
+
                 if (strtolower($column) == 'count(*)' OR $column == '*')
                         return $column;
@@ -260 +263 @@
         public function escape_str($str)
         {
+                if (!$this->config['escape'])
+                        return $str;
+
                 is_resource($this->link) or $this->connect();
                 //mssql_real_escape_string($str, $this->link); <-- this function doesn't exist

trunk/system/libraries/drivers/Database/Mysql.php

@@ -102 +102 @@
         public function escape_table($table)
         {
+                if (!$this->db_config['escape'])
+                        return $table;
+
                 if (stripos($table, ' AS ') !== FALSE)
                 {
@@ -118 +121 @@
         public function escape_column($column)
         {
+                if (!$this->db_config['escape'])
+                        return $column;
+
                 if (strtolower($column) == 'count(*)' OR $column == '*')
                         return $column;
@@ -247 +253 @@
         public function escape_str($str)
         {
+                if (!$this->config['escape'])
+                        return $str;
+
                 is_resource($this->link) or $this->connect();
 

trunk/system/libraries/drivers/Database/Mysqli.php

@@ -100 +100 @@
         public function escape_str($str)
         {
+                if (!$this->db_config['escape'])
+                        return $str;
+
                 is_object($this->link) or $this->connect();
 

trunk/system/libraries/drivers/Database/Pdosqlite.php

@@ -82 +82 @@
         public function escape_table($table)
         {
+                if (!$this->config['escape'])
+                        return $table;
+
                 return '`'.str_replace('.', '`.`', $table).'`';
         }
@@ -87 +90 @@
         public function escape_column($column)
         {
+                if (!$this->config['escape'])
+                        return $column;
+
                 if (strtolower($column) == 'count(*)' OR $column == '*')
                         return $column;
@@ -203 +209 @@
         public function escape_str($str)
         {
+                if (!$this->config['escape'])
+                        return $str;
+
                 if(function_exists('sqlite_escape_string'))
                 {

trunk/system/libraries/drivers/Database/Pgsql.php

@@ -88 +88 @@
         public function escape_table($table)
         {
+                if (!$this->config['escape'])
+                        return $table;
+
                 return '"'.str_replace('.', '"."', $table).'"';
         }
@@ -93 +96 @@
         public function escape_column($column)
         {
+                if (!$this->config['escape'])
+                        return $column;
+
                 if (strtolower($column) == 'count(*)' OR $column == '*')
                         return $column;
@@ -214 +220 @@
         public function escape_str($str)
         {
+                if (!$this->config['escape'])
+                        return $str;
+
                 is_resource($this->link) or $this->connect();