| author | Bharat Mediratta <bharat@menalto.com> | 2013-01-25 09:09:38 -0800 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2013-01-25 09:09:38 -0800 |
| commit | 98e709220a4636ecec05ebf6a15a8a564400be0a (patch) | |
| tree | d8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/gallery/libraries/MY_Database.php | |
| parent | 4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff) | |
| parent | 48bd19808c38a8de20cfece1adc1ffe226da3783 (diff) | |
Merge pull request #100 from shadlaws/fix_1956
#1956 - Escape LIKE queries (for _ and %).
Diffstat (limited to 'modules/gallery/libraries/MY_Database.php')
| -rw-r--r-- | modules/gallery/libraries/MY_Database.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/modules/gallery/libraries/MY_Database.php b/modules/gallery/libraries/MY_Database.php
index aae0bb79..33759b67 100644
--- a/modules/gallery/libraries/MY_Database.php
+++ b/modules/gallery/libraries/MY_Database.php
@@ -88,4 +88,14 @@ abstract class Database extends Database_Core {
 static function set_default_instance($db) {
 self::$instances["default"] = $db;
 }
+
+ /**
+ * Escape LIKE queries, add wildcards. In MySQL queries using LIKE, _ and % characters are
+ * treated as wildcards similar to ? and *, respectively. Therefore, we need to escape _, %,
+ * and \ (the escape character itself).
+ */
+ static function escape_for_like($value) {
+ // backslash must go first to avoid double-escaping
+ return addcslashes($value, '\_%');
+ }
 }
\ No newline at end of file |
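Review bot: The docblock on `escape_for_like` says it will "add wildcards", but the body only backslash-escapes `\`, `_` and `%`, so a caller who trusts the comment gets an exact-match pattern; it also does not say that this is LIKE-pattern escaping only and that the result still has to go through the database layer's normal string quoting or a bound parameter before it reaches SQL. I would reword the summary along the lines of `Escape LIKE metacharacters (\, _, %) so user input matches literally; callers add their own wildcards and must still SQL-escape the result.` The inline comment `// backslash must go first to avoid double-escaping` is misleading as well, because `addcslashes` works in a single pass and the order of the character list has no effect; `// single pass: each \, _ and % gets one backslash prefix` would describe what happens. The escaping also assumes backslash is the active LIKE escape character, which presumably holds for the project's MySQL setup but is worth stating in the docblock.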
