1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 05:50:55 +01:00

Support NO_BACKSLASH_ESCAPES in escapeStringForLikeClause()

Summary: Also simplify this clunky code.

Test Plan: /owners/view/search/?name=%25

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2114
This commit is contained in:
vrana 2012-04-05 18:30:25 -07:00
parent a662b09e73
commit 7451c1f6c9

View file

@ -71,19 +71,8 @@ abstract class AphrontMySQLDatabaseConnectionBase
}
public function escapeStringForLikeClause($value) {
$value = addcslashes($value, '\%_');
$value = $this->escapeString($value);
// Ideally the query shouldn't be modified after safely escaping it,
// but we need to escape _ and % within LIKE terms.
$value = str_replace(
// Even though we've already escaped, we need to replace \ with \\
// because MYSQL unescapes twice inside a LIKE clause. See note
// at mysql.com. However, if the \ is being used to escape a single
// quote ('), then the \ should not be escaped. Thus, after all \
// are replaced with \\, we need to revert instances of \\' back to
// \'.
array('\\', '\\\\\'', '_', '%'),
array('\\\\', '\\\'', '\_', '\%'),
$value);
return $value;
}