Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-14841

sql_like_expression() doesn't handle underscores correctly

    XMLWordPrintable

Details

    Description

      Having an underscore in the sql_like_expression() fails. The underscore ends up being double escaped (in MySQL, not sure about other DBMs).

      It is escaped in the sql_like_expression() function itself. Then it gets escaped again by the sql_escape() function.

      For example, 

      $db->sql_like_expression('foo_' . $db->get_any_char())

      Results in a bad MYSQL error:

      LIKE 'FOO\\_%'

      To work it must be:

      LIKE 'FOO\_%'

      Attachments

        Activity

          People

            Unassigned Unassigned
            VSE Matt Friedman [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: