diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2007-06-24 12:49:13 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2007-06-24 12:49:13 +0000 |
| commit | 5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274 (patch) | |
| tree | 63f64d470a44ff71aa4ef83775e3e0727dd76e46 /phpBB/includes/db/dbal.php | |
| parent | 318418b0f266998895f88e9fcbcd3873a518c4b5 (diff) | |
| download | forums-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.tar forums-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.tar.gz forums-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.tar.bz2 forums-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.tar.xz forums-5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274.zip | |
tweak the sql_like_expression feature a little bit to allow correct escaping
git-svn-id: file:///svn/phpbb/trunk@7789 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/db/dbal.php')
| -rw-r--r-- | phpBB/includes/db/dbal.php | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index 141a7cb71e..aa8adda86c 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -50,6 +50,12 @@ class dbal var $sql_layer = ''; /** + * Wildcards for matching any (%) or exactly one (_) character within LIKE expressions + */ + var $any_char; + var $one_char; + + /** * Constructor */ function dbal() @@ -63,6 +69,10 @@ class dbal // Fill default sql layer based on the class being called. // This can be changed by the specified layer itself later if needed. $this->sql_layer = substr(get_class($this), 5); + + // Do not change this please! This variable is used to easy the use of it - and is hardcoded. + $this->any_char = chr(0) . '%'; + $this->one_char = chr(0) . '_'; } /** @@ -193,17 +203,17 @@ class dbal /** * Correctly adjust LIKE expression for special characters - * Some DBMS are handling them in a different way we need to take into account + * Some DBMS are handling them in a different way + * + * @param string $expression The expression to use. Every wildcard is escaped, except $this->any_char and $this->one_char + * @return string LIKE expression including the keyword! */ function sql_like_expression($expression) { - // Standard for most DBMS - if (strpos($expression, '_') === false) - { - return 'LIKE \'' . $this->sql_escape($expression) . '\''; - } + $expression = str_replace(array('_', '%'), array("\_", "\%"), $expression); + $expression = str_replace(array(chr(0) . "\_", chr(0) . "\%"), array('_', '%'), $expression); - return 'LIKE \'' . $this->sql_escape(str_replace('_', "\_", $expression)) . '\''; + return $this->_sql_like_expression('LIKE \'' . $this->sql_escape($expression) . '\''); } /** |