author | Meik Sievertsen <acydburn@phpbb.com> | 2007-06-24 12:49:13 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2007-06-24 12:49:13 +0000 |
commit | 5aa220bcd21c6e3decd8f2b9833dc90a8ee6a274 (patch) | |
tree | 63f64d470a44ff71aa4ef83775e3e0727dd76e46 /phpBB/includes/db | |
parent | 318418b0f266998895f88e9fcbcd3873a518c4b5 (diff) | |
tweak the sql_like_expression feature a little bit to allow correct escaping
git-svn-id: file:///svn/phpbb/trunk@7789 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/db')
-rw-r--r-- | phpBB/includes/db/dbal.php | 24 | ||||
-rw-r--r-- | phpBB/includes/db/firebird.php | 9 | ||||
-rw-r--r-- | phpBB/includes/db/mssql.php | 15 | ||||
-rw-r--r-- | phpBB/includes/db/mssql_odbc.php | 15 | ||||
-rw-r--r-- | phpBB/includes/db/mysql.php | 9 | ||||
-rw-r--r-- | phpBB/includes/db/mysqli.php | 9 | ||||
-rw-r--r-- | phpBB/includes/db/oracle.php | 9 | ||||
-rw-r--r-- | phpBB/includes/db/postgres.php | 9 | ||||
-rw-r--r-- | phpBB/includes/db/sqlite.php | 12 |
9 files changed, 77 insertions, 34 deletions
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index 141a7cb71e..aa8adda86c 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -50,6 +50,12 @@ class dbal
 var $sql_layer = '';
 /**
+ * Wildcards for matching any (%) or exactly one (_) character within LIKE expressions
+ */
+ var $any_char;
+ var $one_char;
+
+ /**
 * Constructor
 */
 function dbal()
@@ -63,6 +69,10 @@ class dbal
 // Fill default sql layer based on the class being called.
 // This can be changed by the specified layer itself later if needed.
 $this->sql_layer = substr(get_class($this), 5);
+
+ // Do not change this please! This variable is used to easy the use of it - and is hardcoded.
+ $this->any_char = chr(0) . '%';
+ $this->one_char = chr(0) . '_';
 }
 /**
@@ -193,17 +203,17 @@ class dbal
 /**
 * Correctly adjust LIKE expression for special characters
- * Some DBMS are handling them in a different way we need to take into account
+ * Some DBMS are handling them in a different way
+ *
+ * @param string $expression The expression to use. Every wildcard is escaped, except $this->any_char and $this->one_char
+ * @return string LIKE expression including the keyword!
 */
 function sql_like_expression($expression)
 {
- // Standard for most DBMS
- if (strpos($expression, '_') === false)
- {
- return 'LIKE \'' . $this->sql_escape($expression) . '\'';
- }
+ $expression = str_replace(array('_', '%'), array("\_", "\%"), $expression);
+ $expression = str_replace(array(chr(0) . "\_", chr(0) . "\%"), array('_', '%'), $expression);
- return 'LIKE \'' . $this->sql_escape(str_replace('_', "\_", $expression)) . '\'';
+ return $this->_sql_like_expression('LIKE \'' . $this->sql_escape($expression) . '\'');
 }
 /**
diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php
index 6139d8608b..8aa6c43512 100644
--- a/phpBB/includes/db/firebird.php
+++ b/phpBB/includes/db/firebird.php
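Review bot: The comment above `$this->any_char = chr(0) . '%';` in the `dbal()` constructor (dbal.php) does not say why the markers are NUL-prefixed or what callers must guarantee. `sql_like_expression()` treats every `chr(0) . '%'` and `chr(0) . '_'` in its argument as a live wildcard, so a NUL byte arriving inside user-supplied text would be read as a marker; whether request input is stripped of NUL bytes is not visible in this diff. I would reword the comment to something like `// NUL-prefixed so sql_like_expression() can tell intended wildcards from literal % and _; text concatenated with these must never contain chr(0).` The constructor starts outside the hunk.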
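Review bot: `sql_like_expression()` in dbal.php escapes `_` and `%` with a backslash but never escapes the backslash itself, so a literal `\` directly before `_` or `%` in the input ends up as `\\_`, which a LIKE using `\` as its escape character reads as a literal backslash followed by an active wildcard. The same gap reaches the `_sql_like_expression()` hunks in mssql.php, mssql_odbc.php and oracle.php that append `ESCAPE '\\'`: there a backslash in front of any other character is an ill-formed escape sequence, which Oracle, as far as I know, rejects with an error. Escaping the escape character first would close this, e.g. `$expression = str_replace(array('\\', '_', '%'), array('\\\\', "\_", "\%"), $expression);`; how that interacts with each driver's `sql_escape()` is not visible here and needs a test per backend. Separately, the base class now calls `$this->_sql_like_expression()` without defining it, so any driver outside this diff must provide it.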
@@ -409,6 +409,15 @@ class dbal_firebird extends dbal
 }
 /**
+ * Build LIKE expression
+ * @access private
+ */
+ function _sql_like_expression($expression)
+ {
+ return $expression;
+ }
+
+ /**
 * Build db-specific query data
 * @access private
 */
diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php
index ba8e8681ec..422a5d44a4 100644
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@@ -309,19 +309,12 @@ class dbal_mssql extends dbal
 }
 /**
- * Correctly adjust LIKE expression for special characters
- * MSSQL needs an escape character being defined
+ * Build LIKE expression
+ * @access private
 */
- function sql_like_expression($expression)
+ function _sql_like_expression($expression)
 {
- // Standard for most DBMS
- if (strpos($expression, '_') === false)
- {
- return 'LIKE \'' . $this->sql_escape($expression) . '\'';
- }
-
- // sql_like_expression is only allowed directly within single quotes (to ease the use of it), therefore the special writing of ESCAPE below
- return 'LIKE \'' . $this->sql_escape(str_replace('_', "\_", $expression)) . "' ESCAPE '\\'";
+ return $expression . " ESCAPE '\\'";
 }
 /**
diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php
index 9133f5d0de..290142103f 100644
--- a/phpBB/includes/db/mssql_odbc.php
+++ b/phpBB/includes/db/mssql_odbc.php
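Review bot: Returning `$expression` unchanged from `_sql_like_expression()` in firebird.php leaves the `\_` and `\%` sequences produced by the base class without a declared escape character; as far as I know Firebird's LIKE has no default escape, so the backslash would be matched literally and the wildcard after it would stay active. If that holds, this driver needs the same `return $expression . " ESCAPE '\\'";` that the Oracle and MSSQL hunks use. The mysql.php, mysqli.php and postgres.php hunks return the expression unchanged as well; those backends default to backslash as the LIKE escape, though that depends on server settings not visible here.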
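Review bot: With `ESCAPE '\\'` now appended unconditionally by `_sql_like_expression()` in mssql.php, the pattern still reaches SQL Server with `[` unescaped, and T-SQL LIKE treats `[...]` as a character set alongside `%` and `_`. The base `sql_like_expression()` only escapes `_` and `%`, so bracket sets in user-supplied text remain live patterns on this driver and on the identical hunk in mssql_odbc.php. Because this hook receives the finished `LIKE '...'` string, the escaping would have to happen earlier, for instance by letting the MSSQL drivers add `'['` to `"\["` to the wildcard escaping before `sql_escape()` runs.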
@@ -320,19 +320,12 @@ class dbal_mssql_odbc extends dbal
 }
 /**
- * Correctly adjust LIKE expression for special characters
- * MSSQL needs an escape character being defined
+ * Build LIKE expression
+ * @access private
 */
- function sql_like_expression($expression)
+ function _sql_like_expression($expression)
 {
- // Standard for most DBMS
- if (strpos($expression, '_') === false)
- {
- return 'LIKE \'' . $this->sql_escape($expression) . '\'';
- }
-
- // sql_like_expression is only allowed directly within single quotes (to ease the use of it), therefore the special writing of ESCAPE below
- return 'LIKE \'' . $this->sql_escape(str_replace('_', "\_", $expression)) . "' ESCAPE '\\'";
+ return $expression . " ESCAPE '\\'";
 }
 /**
diff --git a/phpBB/includes/db/mysql.php b/phpBB/includes/db/mysql.php
index f83019f58b..71a2002eb4 100644
--- a/phpBB/includes/db/mysql.php
+++ b/phpBB/includes/db/mysql.php
@@ -277,6 +277,15 @@ class dbal_mysql extends dbal
 }
 /**
+ * Build LIKE expression
+ * @access private
+ */
+ function _sql_like_expression($expression)
+ {
+ return $expression;
+ }
+
+ /**
 * Build db-specific query data
 * @access private
 */
diff --git a/phpBB/includes/db/mysqli.php b/phpBB/includes/db/mysqli.php
index 42a1057970..660188d1c7 100644
--- a/phpBB/includes/db/mysqli.php
+++ b/phpBB/includes/db/mysqli.php
@@ -246,6 +246,15 @@ class dbal_mysqli extends dbal
 }
 /**
+ * Build LIKE expression
+ * @access private
+ */
+ function _sql_like_expression($expression)
+ {
+ return $expression;
+ }
+
+ /**
 * Build db-specific query data
 * @access private
 */
diff --git a/phpBB/includes/db/oracle.php b/phpBB/includes/db/oracle.php
index 709cb653e9..76a920d4b8 100644
--- a/phpBB/includes/db/oracle.php
+++ b/phpBB/includes/db/oracle.php
@@ -533,6 +533,15 @@ class dbal_oracle extends dbal
 return str_replace("'", "''", $msg);
 }
+ /**
+ * Build LIKE expression
+ * @access private
+ */
+ function _sql_like_expression($expression)
+ {
+ return $expression . " ESCAPE '\\'";
+ }
+
 function _sql_custom_build($stage, $data)
 {
 return $data;
diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php
index e85a8d8f3f..340c32b37a 100644
--- a/phpBB/includes/db/postgres.php
+++ b/phpBB/includes/db/postgres.php
@@ -346,6 +346,15 @@ class dbal_postgres extends dbal
 }
 /**
+ * Build LIKE expression
+ * @access private
+ */
+ function _sql_like_expression($expression)
+ {
+ return $expression;
+ }
+
+ /**
 * return sql error array
 * @access private
 */
diff --git a/phpBB/includes/db/sqlite.php b/phpBB/includes/db/sqlite.php
index 88a0d612b4..3248b439c6 100644
--- a/phpBB/includes/db/sqlite.php
+++ b/phpBB/includes/db/sqlite.php
@@ -247,12 +247,14 @@ class dbal_sqlite extends dbal
 */
 function sql_like_expression($expression)
 {
- if (strpos($expression, '_') === false)
- {
- return "LIKE '" . $this->sql_escape($expression) . "'";
- }
+ // Unlike LIKE, GLOB is case sensitive (unfortunatly). SQLite users need to live with it!
+ // We only catch * and ? here, not the character map possible on file globbing.
+ $expression = str_replace(array(chr(0) . '_', chr(0) . '%'), array(chr(0) . '?', chr(0) . '*'), $expression);
+
+ $expression = str_replace(array('?', '*'), array("\?", "\*"), $expression);
+ $expression = str_replace(array(chr(0) . "\?", chr(0) . "\*"), array('?', '*'), $expression);
- return "GLOB '" . $this->sql_escape(str_replace('%', '*', $expression)) . "'";
+ return 'GLOB \'' . $this->sql_escape($expression) . '\'';
 }
 /** |
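Review bot: The backslash escaping added to `sql_like_expression()` in sqlite.php probably does not do what it intends, because as far as I know SQLite's GLOB has no escape character: `\?` is matched as a literal backslash followed by any single character rather than as a literal `?`. A literal `?` or `*` in a GLOB pattern is normally written as a one-character set, so the two escaping lines could read `$expression = str_replace(array('?', '*'), array('[?]', '[*]'), $expression);` and `$expression = str_replace(array(chr(0) . '[?]', chr(0) . '[*]'), array('?', '*'), $expression);`. The added comment already concedes that `[` is not handled, which leaves bracket sets in user text active; replacing `[` with `[[]` before the other substitutions would cover that. The function's docblock starts outside the hunk.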