mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 05:50:55 +01:00
Support NO_BACKSLASH_ESCAPES in escapeStringForLikeClause()
Summary: Also simplify this clunky code. Test Plan: /owners/view/search/?name=%25 Reviewers: epriestley Reviewed By: epriestley CC: aran Differential Revision: https://secure.phabricator.com/D2114
This commit is contained in:
parent
a662b09e73
commit
7451c1f6c9
1 changed files with 1 additions and 12 deletions
|
@ -71,19 +71,8 @@ abstract class AphrontMySQLDatabaseConnectionBase
|
|||
}
|
||||
|
||||
public function escapeStringForLikeClause($value) {
|
||||
$value = addcslashes($value, '\%_');
|
||||
$value = $this->escapeString($value);
|
||||
// Ideally the query shouldn't be modified after safely escaping it,
|
||||
// but we need to escape _ and % within LIKE terms.
|
||||
$value = str_replace(
|
||||
// Even though we've already escaped, we need to replace \ with \\
|
||||
// because MYSQL unescapes twice inside a LIKE clause. See note
|
||||
// at mysql.com. However, if the \ is being used to escape a single
|
||||
// quote ('), then the \ should not be escaped. Thus, after all \
|
||||
// are replaced with \\, we need to revert instances of \\' back to
|
||||
// \'.
|
||||
array('\\', '\\\\\'', '_', '%'),
|
||||
array('\\\\', '\\\'', '\_', '\%'),
|
||||
$value);
|
||||
return $value;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue