4 files changed, 61 insertions, 0 deletions
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index 8ecb7627e5..141a7cb71e 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -192,6 +192,21 @@ class dbal
 	}
 
 	/**
+	* Correctly adjust LIKE expression for special characters
+	* Some DBMS are handling them in a different way we need to take into account
+	*/
+	function sql_like_expression($expression)
+	{
+		// Standard for most DBMS
+		if (strpos($expression, '_') === false)
+		{
+			return 'LIKE \'' . $this->sql_escape($expression) . '\'';
+		}
+
+		return 'LIKE \'' . $this->sql_escape(str_replace('_', "\_", $expression)) . '\'';
+	}
+
+	/**
 	* SQL Transaction
 	* @access private
 	*/
diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php
index 44ea132a8f..ba8e8681ec 100644
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@@ -309,6 +309,22 @@ class dbal_mssql extends dbal
 	}
 
 	/**
+	* Correctly adjust LIKE expression for special characters
+	* MSSQL needs an escape character being defined
+	*/
+	function sql_like_expression($expression)
+	{
+		// Standard for most DBMS
+		if (strpos($expression, '_') === false)
+		{
+			return 'LIKE \'' . $this->sql_escape($expression) . '\'';
+		}
+
+		// sql_like_expression is only allowed directly within single quotes (to ease the use of it), therefore the special writing of ESCAPE below
+		return 'LIKE \'' . $this->sql_escape(str_replace('_', "\_", $expression)) . "' ESCAPE '\\'";
+	}
+
+	/**
 	* return sql error array
 	* @access private
 	*/
diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php
index 6803228e13..9133f5d0de 100644
--- a/phpBB/includes/db/mssql_odbc.php
+++ b/phpBB/includes/db/mssql_odbc.php
@@ -320,6 +320,22 @@ class dbal_mssql_odbc extends dbal
 	}
 
 	/**
+	* Correctly adjust LIKE expression for special characters
+	* MSSQL needs an escape character being defined
+	*/
+	function sql_like_expression($expression)
+	{
+		// Standard for most DBMS
+		if (strpos($expression, '_') === false)
+		{
+			return 'LIKE \'' . $this->sql_escape($expression) . '\'';
+		}
+
+		// sql_like_expression is only allowed directly within single quotes (to ease the use of it), therefore the special writing of ESCAPE below
+		return 'LIKE \'' . $this->sql_escape(str_replace('_', "\_", $expression)) . "' ESCAPE '\\'";
+	}
+
+	/**
 	* Build db-specific query data
 	* @access private
 	*/
diff --git a/phpBB/includes/db/sqlite.php b/phpBB/includes/db/sqlite.php
index 398d044672..88a0d612b4 100644
--- a/phpBB/includes/db/sqlite.php
+++ b/phpBB/includes/db/sqlite.php
@@ -242,6 +242,20 @@ class dbal_sqlite extends dbal
 	}
 
 	/**
+	* Correctly adjust LIKE expression for special characters
+	* For SQLite an underscore is a not-known character... this may change with SQLite3
+	*/
+	function sql_like_expression($expression)
+	{
+		if (strpos($expression, '_') === false)
+		{
+			return "LIKE '" . $this->sql_escape($expression) . "'";
+		}
+
+		return "GLOB '" . $this->sql_escape(str_replace('%', '*', $expression)) . "'";
+	}
+
+	/**
 	* return sql error array
 	* @access private
 	*/