From 8f098e8dead85b6512ac72b2d805314baec72a2f Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 17 Sep 2012 16:04:16 -0400
Subject: [PATCH] Merge branch 'master' of github.com:roundcube/roundcubemail

---
 program/include/rcube_db.php |   18 ++++++++++++------
 1 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/program/include/rcube_db.php b/program/include/rcube_db.php
index f97d70a..eb1ad31 100644
--- a/program/include/rcube_db.php
+++ b/program/include/rcube_db.php
@@ -388,13 +388,19 @@
         $idx = 0;
 
         while ($pos = strpos($query, '?', $pos)) {
-            $val = $this->quote($params[$idx++]);
-            unset($params[$idx-1]);
-            $query = substr_replace($query, $val, $pos, 1);
-            $pos += strlen($val);
+            if ($query[$pos+1] == '?') {  // skip escaped ?
+                $pos += 2;
+            }
+            else {
+                $val = $this->quote($params[$idx++]);
+                unset($params[$idx-1]);
+                $query = substr_replace($query, $val, $pos, 1);
+                $pos += strlen($val);
+            }
         }
 
-        $query = rtrim($query, ';');
+        // replace escaped ? back to normal
+        $query = rtrim(strtr($query, array('??' => '?')), ';');
 
         $this->debug($query);
 
@@ -591,7 +597,7 @@
                 'integer' => PDO::PARAM_INT,
             );
             $type = isset($map[$type]) ? $map[$type] : PDO::PARAM_STR;
-            return $this->dbh->quote($input, $type);
+            return strtr($this->dbh->quote($input, $type), array('?' => '??'));  // escape ?
         }
 
         return 'NULL';

--
Gitblit v1.9.1