Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-14841

sql_like_expression() doesn't handle underscores correctly

    XMLWordPrintable

    Details

      Description

      Having an underscore in the sql_like_expression() fails. The underscore ends up being double escaped (in MySQL, not sure about other DBMs).

      It is escaped in the sql_like_expression() function itself. Then it gets escaped again by the sql_escape() function.

      For example,

      $db->sql_like_expression('foo_' . $db->get_any_char())
      

      Results in a bad MYSQL error:

      LIKE 'FOO\\_%'
      

      To work it must be:

      LIKE 'FOO\_%'
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            VSE Matt Friedman [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: