From 0e762b32a003dd8a9b805fb95ee7aeb3616c41e3 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Fri, 7 Oct 2011 09:21:40 -0400 Subject: [PATCH] Added check for quote mark --- system/database/drivers/pdo/pdo_driver.php | 26 +++++----------------- 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index 1a84404bbc2..750c02e2745 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -313,7 +313,10 @@ function escape_str($str, $like = FALSE) $str = $this->conn_id->quote($str); //If there are duplicated quotes, trim them away - $str = substr($str, 1, -1); + if(strpos($str, "'") === 0) + { + $str = substr($str, 1, -1); + } // escape LIKE condition wildcards if ($like === TRUE) @@ -349,25 +352,7 @@ function affected_rows() */ function insert_id($name=NULL) { - //Convenience method for postgres insertid - if(strpos($this->hostname, 'pgsql') !== FALSE) - { - $v = $this->_version(); - - $table = func_num_args() > 0 ? func_get_arg(0) : NULL; - - if ($table == NULL && $v >= '8.1') - { - $sql='SELECT LASTVAL() as ins_id'; - } - $query = $this->query($sql); - $row = $query->row(); - return $row->ins_id; - } - else - { - return $this->conn_id->lastInsertId($name); - } + return $this->conn_id->lastInsertId($name); } // -------------------------------------------------------------------- @@ -418,7 +403,6 @@ function _list_tables($prefix_limit = FALSE) if ($prefix_limit !== FALSE AND $this->dbprefix != '') { - //$sql .= " LIKE '".$this->escape_like_str($this->dbprefix)."%' ".sprintf($this->_like_escape_str, $this->_like_escape_chr); return FALSE; // not currently supported }