In the MySQL and MySQLi drivers,
in the method escape_str:
/**
 * Escape String
 * @param string
 * @param bool whether or not the string will be used in a LIKE condition
 * @return string
 */
public function escape_str($str, $like = FALSE)
{
    if (is_array($str))
    {
        foreach ($str as $key => $val)
        {
            $str[$key] = $this->escape_str($val, $like);
        }
        return $str;
    }
    $str = is_object($this->conn_id) ? $this->conn_id->real_escape_string($str) : addslashes($str);
    // escape LIKE condition wildcards
    if ($like === TRUE)
    {
        return str_replace(array($this->_like_escape_chr, '%', '_'),
            array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
            $str);
    }
    return $str;
}
This causes single quote input into the function
$this->db->like() or $this->db->escape_like_str(" ' ", TRUE);
to produce an unwanted error:
$this->db->like('field', " ' ");
# supposed to become
I'm also having this issue, if I do:
How's the status of this bug?
I'm thinking about changing the escape character via LIKE '<expr>' ESCAPE '<char>' syntax (if supported by MySQL, but I doubt that it's not). Any other ideas?
I was hoping it was just a bug in the escaping code for "like", but I didn't look into the underlying code yet. :)
Fix issue #1789
Signed-off-by: Andrey Andreev <email@example.com>
Fix appears to be working great. As always, thank you!
Awesome fix!
Whatever happened to this fix?
I'm looking in https://github.com/bcit-ci/CodeIgniter/blob/master/system/database/drivers/mysqli/mysqli_driver.php and it doesn't set _like_escape_chr to "" anywhere (like the fix does) and so the value remains "!" from DB_driver.php, generating incorrect queries.
I don't understand why you think "the fix" sets \ as the escape character - it never did - nor what you mean by incorrect queries.
I was mistaken. The "fix" you link above actually removes the correct values of _like_escape_chr from the various database drivers.
The end result is that CI is unable to form queries properly that use the like operand, and which contain terms with underscores.
For example, it generates this query: SELECT * FROM a WHERE b like '%first!_last%'
When I try to run this query in mysql, it breaks.
The correctly formed query follows: SELECT * FROM a WHERE b like '%first_last%' --to find entry "first_last"
CI doesn't generate such queries, it puts ESCAPE '!' at the end.
Ah, in that case it must have been fixed in the most recent version, as I can only confirm this issue in 3.0.1 and am currently unable to upgrade to test. Sorry for the confusion.
It's not ... you're confusing what CI generates (which happens via the QB like() method) and what escape_like_str() returns when used on its own.
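The distinction drawn in the last few comments, as an added example that is not part of the thread or of CodeIgniter's code: a term escaped with "!" only matches literally when the query also carries ESCAPE '!'. It assumes an in-memory SQLite database as a stand-in for MySQL so it runs offline (for these backslash-free patterns the LIKE results are the same); the helper names and sample rows are constructed for illustration.

```python
import sqlite3

ESC = "!"  # escape character the thread says is inherited from DB_driver.php


def escape_like(term, esc=ESC):
    """Escape LIKE metacharacters in the same order as the str_replace()
    call in escape_str(): the escape character first, then '%' and '_'."""
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term


def make_db():
    """In-memory table a(b) filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE a (b TEXT)")
    rows = ["first_last", "firstXlast", "first!_last", "50% off", "it's"]
    conn.executemany("INSERT INTO a VALUES (?)", [(r,) for r in rows])
    return conn


def find(conn, pattern, escape_clause):
    """Run the LIKE query with or without the ESCAPE clause; the pattern is
    bound as a parameter, so a single quote in it cannot break the statement."""
    sql = "SELECT b FROM a WHERE b LIKE ?"
    if escape_clause:
        sql += " ESCAPE '" + ESC + "'"
    return sorted(row[0] for row in conn.execute(sql, (pattern,)))


def demo():
    conn = make_db()
    escaped = "%" + escape_like("first_last") + "%"  # %first!_last%
    return {
        # Unescaped '_' is a wildcard: over-matches "firstXlast".
        "raw": find(conn, "%first_last%", False),
        # Escaped term without ESCAPE: '!' is an ordinary character.
        "escaped_no_clause": find(conn, escaped, False),
        # Escaped term plus ESCAPE '!': literal match only.
        "escaped_with_clause": find(conn, escaped, True),
        # A single quote needs no LIKE escaping at all.
        "quote": find(conn, "%" + escape_like("'") + "%", True),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```
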