Fix issue #1789

Signed-off-by: Andrey Andreev <narf@bofh.bg>

system/database/DB_driver.php

@@ -79,6 +79,10 @@ abstract class CI_DB_driver {
 	protected $_protect_identifiers		= TRUE;
 	protected $_reserved_identifiers	= array('*'); // Identifiers that should NOT be escaped
 
+	// clause and character used for LIKE escape sequences
+	protected $_like_escape_str = " ESCAPE '%s' ";
+	protected $_like_escape_chr = '!';
+
 	/**
 	 * The syntax to count rows is slightly different across different
 	 * database engines, so this string appears in each driver and is

system/database/drivers/cubrid/cubrid_driver.php

@@ -45,10 +45,6 @@ class CI_DB_cubrid_driver extends CI_DB {
 	// The character used for escaping - no need in CUBRID
 	protected $_escape_char = '`';
 
-	// clause and character used for LIKE escape sequences - not used in CUBRID
-	protected $_like_escape_str = '';
-	protected $_like_escape_chr = '';
-
 	protected $_random_keyword = ' RAND()'; // database specific random keyword
 
 	// CUBRID-specific properties
@@ -72,6 +68,8 @@ public function __construct($params)
 		}
 	}
 
+	// --------------------------------------------------------------------
+
 	/**
 	 * Non-persistent database connection
 	 *

system/database/drivers/ibase/ibase_driver.php

@@ -45,10 +45,6 @@ class CI_DB_ibase_driver extends CI_DB {
 	// The character used to escape with
 	protected $_escape_char = '"';
 
-	// clause and character used for LIKE escape sequences
-	protected $_like_escape_str = " ESCAPE '%s' ";
-	protected $_like_escape_chr = '!';
-
 	protected $_random_keyword = ' Random()'; // database specific random keyword
 
 	// Keeps track of the resource for the current transaction

system/database/drivers/mssql/mssql_driver.php

@@ -45,10 +45,6 @@ class CI_DB_mssql_driver extends CI_DB {
 	// The character used for escaping
 	protected $_escape_char = '"';
 
-	// clause and character used for LIKE escape sequences
-	protected $_like_escape_str = " ESCAPE '%s' ";
-	protected $_like_escape_chr = '!';
-
 	protected $_random_keyword = ' NEWID()';
 
 	// MSSQL-specific properties

system/database/drivers/mysql/mysql_driver.php

@@ -45,10 +45,6 @@ class CI_DB_mysql_driver extends CI_DB {
 	// The character used for escaping
 	protected $_escape_char = '`';
 
-	// clause and character used for LIKE escape sequences - not used in MySQL
-	protected $_like_escape_str = '';
-	protected $_like_escape_chr = '\\';
-
 	protected $_random_keyword = ' RAND()'; // database specific random keyword
 
 	/**

system/database/drivers/mysqli/mysqli_driver.php

@@ -45,10 +45,6 @@ class CI_DB_mysqli_driver extends CI_DB {
 	// The character used for escaping
 	protected $_escape_char = '`';
 
-	// clause and character used for LIKE escape sequences - not used in MySQL
-	protected $_like_escape_str = '';
-	protected $_like_escape_chr = '\\';
-
 	protected $_random_keyword = ' RAND()'; // database specific random keyword
 
 	/**

system/database/drivers/oci8/oci8_driver.php

@@ -54,10 +54,6 @@ class CI_DB_oci8_driver extends CI_DB {
 	// The character used for excaping
 	protected $_escape_char = '"';
 
-	// clause and character used for LIKE escape sequences
-	protected $_like_escape_str = " ESCAPE '%s' ";
-	protected $_like_escape_chr = '!';
-
 	/**
 	 * The syntax to count rows is slightly different across different
 	 * database engines, so this string appears in each driver and is

system/database/drivers/odbc/odbc_driver.php

@@ -45,9 +45,7 @@ class CI_DB_odbc_driver extends CI_DB {
 	// the character used to excape - not necessary for ODBC
 	protected $_escape_char = '';
 
-	// clause and character used for LIKE escape sequences
 	protected $_like_escape_str = " {escape '%s'} ";
-	protected $_like_escape_chr = '!';
 
 	protected $_random_keyword;
 

system/database/drivers/pdo/pdo_driver.php

@@ -45,10 +45,6 @@ class CI_DB_pdo_driver extends CI_DB {
 	// The character used to escaping
 	protected $_escape_char = '"';
 
-	// clause and character used for LIKE escape sequences
-	protected $_like_escape_str = " ESCAPE '%s' ";
-	protected $_like_escape_chr = '!';
-
 	protected $_random_keyword;
 
 	public $trans_enabled = FALSE;

system/database/drivers/pdo/subdrivers/pdo_cubrid_driver.php

@@ -44,10 +44,6 @@ class CI_DB_pdo_cubrid_driver extends CI_DB_pdo_driver {
 
 	protected $_escape_char = '`';
 
-	// clause and character used for LIKE escape sequences - not used in CUBRID
-	protected $_like_escape_str = '';
-	protected $_like_escape_chr = '\\';
-
 	protected $_random_keyword = ' RAND()';
 
 	/**

system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php

@@ -44,10 +44,6 @@ class CI_DB_pdo_mysql_driver extends CI_DB_pdo_driver {
 
 	protected $_escape_char = '`';
 
-	// clause and character used for LIKE escape sequences - not used in MySQL
-	protected $_like_escape_str = '';
-	protected $_like_escape_chr = '\\';
-
 	protected $_random_keyword = ' RAND()';
 
 	/**

system/database/drivers/pdo/subdrivers/pdo_odbc_driver.php

@@ -46,7 +46,6 @@ class CI_DB_pdo_odbc_driver extends CI_DB_pdo_driver {
 	protected $_escape_char = '';
 
 	// clause and character used for LIKE escape sequences
-	protected $_like_escape_chr = '!';
 	protected $_like_escape_str = " {escape '%s'} ";
 
 	protected $_random_keyword = ' RAND()';

system/database/drivers/postgre/postgre_driver.php

@@ -44,10 +44,6 @@ class CI_DB_postgre_driver extends CI_DB {
 
 	protected $_escape_char = '"';
 
-	// clause and character used for LIKE escape sequences
-	protected $_like_escape_str = " ESCAPE '%s' ";
-	protected $_like_escape_chr = '!';
-
 	protected $_random_keyword = ' RANDOM()'; // database specific random keyword
 
 	/**

system/database/drivers/sqlite/sqlite_driver.php

@@ -45,10 +45,6 @@ class CI_DB_sqlite_driver extends CI_DB {
 	// The character used to escape with - not needed for SQLite
 	protected $_escape_char = '"';
 
-	// clause and character used for LIKE escape sequences
-	protected $_like_escape_str = " ESCAPE '%s' ";
-	protected $_like_escape_chr = '!';
-
 	protected $_random_keyword = ' Random()'; // database specific random keyword
 
 	/**

system/database/drivers/sqlite3/sqlite3_driver.php

@@ -46,10 +46,6 @@ class CI_DB_sqlite3_driver extends CI_DB {
 	// The character used for escaping
 	protected $_escape_char = '"';
 
-	// clause and character used for LIKE escape sequences
-	protected $_like_escape_str = ' ESCAPE \'%s\' ';
-	protected $_like_escape_chr = '!';
-
 	protected $_random_keyword = ' RANDOM()';
 
 	/**

system/database/drivers/sqlsrv/sqlsrv_driver.php

@@ -45,10 +45,6 @@ class CI_DB_sqlsrv_driver extends CI_DB {
 	// The character used for escaping
 	protected $_escape_char = '"';
 
-	// clause and character used for LIKE escape sequences
-	protected $_like_escape_str = " ESCAPE '%s' ";
-	protected $_like_escape_chr = '!';
-
 	protected $_random_keyword = ' NEWID()';
 
 	// SQLSRV-specific properties

user_guide_src/source/changelog.rst

@@ -312,12 +312,12 @@ Bug fixes for 3.0
 -  Fixed a bug (#666) - :doc:`Output library <libraries/output>`'s set_content_type() method didn't set the document charset.
 -  Fixed a bug (#784, #861) - :doc:`Database Forge <database/forge>` method ``create_table()`` used to accept constraints for MSSQL/SQLSRV integer-type columns.
 -  Fixed a bug (#706) - SQLSRV/MSSSQL didn't escape field names.
--  Fixed a bug (#1452) - protect_identifiers() didn't properly detect identifiers with spaces in their names.
--  Fixed a bug where protect_identifiers() ignored it's extra arguments when the value passed to it is an array.
--  Fixed a bug where _has_operator() didn't detect BETWEEN.
--  Fixed a bug in :doc:`Query Builder <database/query_builder>`'s join() method where it failed with identifiers containing dashes.
+-  Fixed a bug (#1452) - ``protect_identifiers()`` didn't properly detect identifiers with spaces in their names.
+-  Fixed a bug where ``protect_identifiers()`` ignored it's extra arguments when the value passed to it is an array.
+-  Fixed a bug where ``_has_operator()`` didn't detect BETWEEN.
+-  Fixed a bug in :doc:`Query Builder <database/query_builder>`'s ``join()`` method where it failed with identifiers containing dashes.
 -  Fixed a bug (#1264) - :doc:`Database Forge <database/forge>` and :doc:`Database Utilities <database/utilities>` didn't update/reset the databases and tables list cache when a table or a database is created, dropped or renamed.
--  Fixed a bug (#7) - :doc:`Query Builder <database/query_builder>`'s join() method only escaped one set of conditions.
+-  Fixed a bug (#7) - :doc:`Query Builder <database/query_builder>`'s ``join()`` method only escaped one set of conditions.
 -  Fixed a bug (#1321) - Core Exceptions class couldn't find the errors/ folder in some cases.
 -  Fixed a bug in the File-based :doc:`Cache Library <libraries/caching>` driver's get_metadata() method where a non-existent array key was accessed for the TTL value.
 -  Fixed a bug (#1202) - :doc:`Encryption Library <libraries/encryption>` encode_from_legacy() didn't set back the encrypt mode on failure.
@@ -343,6 +343,7 @@ Bug fixes for 3.0
 -  Fixed a bug in SQLSRV's ``affected_rows()`` method where an erroneous function name was used.
 -  Fixed a bug (#1000) - Change syntax of ``$view_file`` to ``$_ci_view_file`` to prevent being overwritten by application.
 -  Fixed a bug (#1757) - :doc:`Directory Helper <helpers/directory_helper>` function ``directory_map()`` was skipping files and directories named *0*.
+-  Fixed a bug (#1789) - :doc:`Database Library <libraries/database>` method ``escape_str()`` escaped quote characters in LIKE conditions twice under MySQL.
 
 Version 2.1.2
 =============