From 7451c1f6c94fd2fe1160962333cebaa869451aa2 Mon Sep 17 00:00:00 2001 From: vrana Date: Thu, 5 Apr 2012 18:30:25 -0700 Subject: [PATCH] Support NO_BACKSLASH_ESCAPES in escapeStringForLikeClause() Summary: Also simplify this clunky code. Test Plan: /owners/view/search/?name=%25 Reviewers: epriestley Reviewed By: epriestley CC: aran Differential Revision: https://secure.phabricator.com/D2114
---
 .../base/AphrontMySQLDatabaseConnectionBase.php | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/src/storage/connection/mysql/base/AphrontMySQLDatabaseConnectionBase.php b/src/storage/connection/mysql/base/AphrontMySQLDatabaseConnectionBase.php
index 69edb93906..eb2990708a 100644
--- a/src/storage/connection/mysql/base/AphrontMySQLDatabaseConnectionBase.php
+++ b/src/storage/connection/mysql/base/AphrontMySQLDatabaseConnectionBase.php
@@ -71,19 +71,8 @@ abstract class AphrontMySQLDatabaseConnectionBase
 }
 public function escapeStringForLikeClause($value) {
+ $value = addcslashes($value, '\%_');
 $value = $this->escapeString($value);
- // Ideally the query shouldn't be modified after safely escaping it,
- // but we need to escape _ and % within LIKE terms.
- $value = str_replace(
- // Even though we've already escaped, we need to replace \ with \\
- // because MYSQL unescapes twice inside a LIKE clause. See note
- // at mysql.com. However, if the \ is being used to escape a single
- // quote ('), then the \ should not be escaped. Thus, after all \
- // are replaced with \\, we need to revert instances of \\' back to
- // \'.
- array('\\', '\\\\\'', '_', '%'),
- array('\\\\', '\\\'', '\_', '\%'),
- $value);
 return $value;
 }
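Review bot: The two lines left in escapeStringForLikeClause() only work in this order, and the commit deletes the only comment that explained the escaping, so a later reorder or an extra transformation after escapeString() would quietly break the LIKE pattern or the quoting. I would add a comment above the new line such as `// Escape LIKE metacharacters (\, %, _) first, then escape for the SQL string literal; nothing may touch $value after escapeString().` The charlist `'\%_'` depends on PHP leaving `\%` as two characters inside single quotes; `'\\%_'` is the same three bytes and reads unambiguously. The result is also only correct where LIKE uses its default escape character `\` and escapeString() itself honours the server's NO_BACKSLASH_ESCAPES setting, neither of which is visible in this hunk, so that assumption belongs in the comment as well.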