Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-14841

sql_like_expression() doesn't handle underscores correctly

    Details

      Description

      Having an underscore in the sql_like_expression() fails. The underscore ends up being double escaped (in MySQL, not sure about other DBMs).

      It is escaped in the sql_like_expression() function itself. Then it gets escaped again by the sql_escape() function.

      For example,

      $db->sql_like_expression('foo_' . $db->get_any_char())
      

      Results in a bad MYSQL error:

      LIKE 'FOO\\_%'
      

      To work it must be:

      LIKE 'FOO\_%'
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              VSE Matt Friedman
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: