Add rcube_db::escape() method, fix escapeSimple() to use escape instead of quote()

pull/88/head
Aleksander Machniak 12 years ago
parent 7af32a95bb
commit 51f52b525b

@ -55,7 +55,7 @@ class virtuser_query extends rcube_plugin
{ {
$dbh = $this->app->get_dbh(); $dbh = $this->app->get_dbh();
$sql_result = $dbh->query(preg_replace('/%u/', $dbh->quote($p['user']), $this->config['email'])); $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escape($p['user']), $this->config['email']));
while ($sql_arr = $dbh->fetch_array($sql_result)) { while ($sql_arr = $dbh->fetch_array($sql_result)) {
if (strpos($sql_arr[0], '@')) { if (strpos($sql_arr[0], '@')) {
@ -92,7 +92,7 @@ class virtuser_query extends rcube_plugin
{ {
$dbh = $this->app->get_dbh(); $dbh = $this->app->get_dbh();
$sql_result = $dbh->query(preg_replace('/%m/', $dbh->quote($p['email']), $this->config['user'])); $sql_result = $dbh->query(preg_replace('/%m/', $dbh->escape($p['email']), $this->config['user']));
if ($sql_arr = $dbh->fetch_array($sql_result)) { if ($sql_arr = $dbh->fetch_array($sql_result)) {
$p['user'] = $sql_arr[0]; $p['user'] = $sql_arr[0];
@ -108,7 +108,7 @@ class virtuser_query extends rcube_plugin
{ {
$dbh = $this->app->get_dbh(); $dbh = $this->app->get_dbh();
$sql_result = $dbh->query(preg_replace('/%u/', $dbh->quote($p['user']), $this->config['host'])); $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escape($p['user']), $this->config['host']));
if ($sql_arr = $dbh->fetch_array($sql_result)) { if ($sql_arr = $dbh->fetch_array($sql_result)) {
$p['host'] = $sql_arr[0]; $p['host'] = $sql_arr[0];

@ -633,6 +633,22 @@ class rcube_db
return 'NULL'; return 'NULL';
} }
/**
* Escapes a string so it can be safely used in a query
*
* @param string $str A string to escape
*
* @return string Escaped string for use in a query
*/
public function escape($str)
{
if (is_null($str)) {
return 'NULL';
}
return substr($this->quote($str), 1, -1);
}
/** /**
* Quotes a string so it can be safely used as a table or column name * Quotes a string so it can be safely used as a table or column name
* *
@ -648,17 +664,17 @@ class rcube_db
} }
/** /**
* Quotes a string so it can be safely used as a table or column name * Escapes a string so it can be safely used in a query
* *
* @param string $str Value to quote * @param string $str A string to escape
* *
* @return string Quoted string for use in query * @return string Escaped string for use in a query
* @deprecated Replaced by rcube_db::quote * @deprecated Replaced by rcube_db::escape
* @see rcube_db::quote * @see rcube_db::escape
*/ */
public function escapeSimple($str) public function escapeSimple($str)
{ {
return $this->quote($str); return $this->escape($str);
} }
/** /**

Loading…
Cancel
Save