Thomas Bruederli
2012-08-15 13969cf5406c14ba5dd5f830d7a8e2e2134e244b
Skip ? in quoted values from being replaced with parameters
1 files modified
18 ■■■■■ changed files
program/include/rcube_db.php 18 ●●●●●
program/include/rcube_db.php
@@ -388,13 +388,19 @@
        $idx = 0;
        while ($pos = strpos($query, '?', $pos)) {
            $val = $this->quote($params[$idx++]);
            unset($params[$idx-1]);
            $query = substr_replace($query, $val, $pos, 1);
            $pos += strlen($val);
            if ($query[$pos+1] == '?') {  // skip escaped ?
                $pos += 2;
            }
            else {
                $val = $this->quote($params[$idx++]);
                unset($params[$idx-1]);
                $query = substr_replace($query, $val, $pos, 1);
                $pos += strlen($val);
            }
        }
        $query = rtrim($query, ';');
        // replace escaped ? back to normal
        $query = rtrim(strtr($query, array('??' => '?')), ';');
        $this->debug($query);
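Review bot: `$query[$pos+1]` is read without a bounds check, so a query whose last character is `?` indexes one past the end of the string (a notice or warning, depending on the PHP version) before falling through to the else branch. `if (isset($query[$pos+1]) && $query[$pos+1] === '?') {` avoids that and makes the comparison strict. The skip only recognises a `?` that has already been doubled, so a literal `?` typed directly inside quotes in the SQL text still consumes a parameter and shifts every later value. A comment above the loop such as `// a literal ? must be written as ?? (quote() does this); a single ? is always a placeholder` would make that contract visible to callers. The enclosing method starts and ends outside this hunk.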
@@ -591,7 +597,7 @@
                'integer' => PDO::PARAM_INT,
            );
            $type = isset($map[$type]) ? $map[$type] : PDO::PARAM_STR;
            return $this->dbh->quote($input, $type);
            return strtr($this->dbh->quote($input, $type), array('?' => '??'));  // escape ?
        }
        return 'NULL';
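Review bot: The `?` doubling added to this return is undone only by the `strtr($query, array('??' => '?'))` in the first hunk, so the result of quote() is no longer a plain SQL literal. If any caller sends a quoted value to the database by a path that skips that replacement, the stored text would keep `??`, and if any value reaches the query without going through quote(), a genuine `??` in it would be collapsed to `?`; the callers are not visible here, so this needs checking. The docblock should state the coupling, for example `Note: '?' is escaped as '??' and is only restored by the placeholder substitution in the query method`. The function body starts above the hunk, so any other return paths there should be checked for the same escaping.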