From f425bd46540747de95e57119b8b39f095d3c3cff Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 15 Apr 2023 01:24:50 +0200
Subject: [PATCH] Fix sqlforlike when searching with like and _ string
---
 htdocs/core/db/mysqli.class.php | 2 +-
 htdocs/core/db/pgsql.class.php | 2 +-
 htdocs/core/db/sqlite3.class.php | 2 +-
 test/phpunit/CodingSqlTest.php | 38 ++++++++++++++++++++++++++++++++
 4 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php
index 0eef42b7424..a05dbf46e4b 100644
--- a/htdocs/core/db/mysqli.class.php
+++ b/htdocs/core/db/mysqli.class.php
@@ -494,7 +494,7 @@ class DoliDBMysqli extends DoliDB
 */
 public function escapeforlike($stringtoencode)
 {
- return str_replace(array('_', '\\', '%'), array('\_', '\\\\', '\%'), (string) $stringtoencode);
+ return str_replace(array('\\', '_', '%'), array('\\\\', '\_', '\%'), (string) $stringtoencode);
 }
 /**
diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php
index 28ac15a43ff..f4df72ceb26 100644
--- a/htdocs/core/db/pgsql.class.php
+++ b/htdocs/core/db/pgsql.class.php
@@ -741,7 +741,7 @@ class DoliDBPgsql extends DoliDB
 */
 public function escapeforlike($stringtoencode)
 {
- return str_replace(array('_', '\\', '%'), array('\_', '\\\\', '\%'), (string) $stringtoencode);
+ return str_replace(array('\\', '_', '%'), array('\\\\', '\_', '\%'), (string) $stringtoencode);
 }
 /**
diff --git a/htdocs/core/db/sqlite3.class.php b/htdocs/core/db/sqlite3.class.php
index e31eeffe457..71872b0898b 100644
--- a/htdocs/core/db/sqlite3.class.php
+++ b/htdocs/core/db/sqlite3.class.php
@@ -669,7 +669,7 @@ class DoliDBSqlite3 extends DoliDB
 */
 public function escapeforlike($stringtoencode)
 {
- return str_replace(array('_', '\\', '%'), array('\_', '\\\\', '\%'), (string) $stringtoencode);
+ return str_replace(array('\\', '_', '%'), array('\\\\', '\_', '\%'), (string) $stringtoencode);
 }
 /**
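Review bot: The corrected ordering in `escapeforlike()` carries no comment explaining why it matters, and the same statement is repeated verbatim in the pgsql and sqlite3 hunks. `str_replace()` with array arguments applies the pairs one after another, so the backslash has to be handled before `_` and `%` or the escapes just inserted get doubled; a comment such as `// Escape \ first: str_replace() applies pairs in order and would otherwise double the \ added for _ and %` would keep a later edit from reintroducing the bug. The docblock starts above the hunk, so I cannot see whether it already says this, but it should also state that the result only neutralises LIKE wildcards. Quotes pass through unchanged (the new testEscapeForLike asserts exactly that), so callers still have to pass the value through `escape()` before it goes into a string literal.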
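Review bot: In the sqlite3 driver the backslash sequences returned by `escapeforlike()` only take effect if the statement carries an explicit `ESCAPE '\'` clause, because SQLite's LIKE has no default escape character (MySQL and PostgreSQL default to backslash). Whether callers or the driver's query rewriting add that clause is not visible in this hunk. If they do not, a search for `_` on SQLite matches a literal backslash followed by any single character rather than an underscore. A test that runs a real LIKE query per driver, not only a string comparison of the escaped value, would confirm it.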
diff --git a/test/phpunit/CodingSqlTest.php b/test/phpunit/CodingSqlTest.php
index 00c7a5aebae..504203eeabf 100644
--- a/test/phpunit/CodingSqlTest.php
+++ b/test/phpunit/CodingSqlTest.php
@@ -157,6 +157,44 @@ class CodingSqlTest extends PHPUnit\Framework\TestCase
 print __METHOD__."\n";
 }
+ /**
+ * testEscape
+ *
+ * @return string
+ */
+ public function testEscape()
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $a = 'abc"\'def';
+ print $a;
+ $result = $db->escape($a); // $result must be abc\"\'def
+ $this->assertEquals('abc\"\\\'def', $result);
+ }
+
+ /**
+ * testEscapeForLike
+ *
+ * @return string
+ */
+ public function testEscapeForLike()
+ {
+ global $conf,$user,$langs,$db;
+ $conf=$this->savconf;
+ $user=$this->savuser;
+ $langs=$this->savlangs;
+ $db=$this->savdb;
+
+ $a = 'abc"\'def_ghi%klm\\nop';
+ //print $a;
+ $result = $db->escapeforlike($a); // $result must be abc"'def\_ghi\%klm\\nop
+ $this->assertEquals('abc"\'def\_ghi\%klm\\\\nop', $result);
+ }
+
 /**
 * testSql
 *
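Review bot: `testEscape` hard-codes the backslash-style result `abc\"\'def`, yet `$db` is whichever driver the test run is configured with, and this commit touches three of them. If the pgsql and sqlite3 drivers quote through their native functions (which double a single quote instead of prefixing a backslash), the assertion fails there; consider branching on the driver type or asserting only what all drivers share. Two smaller points in the same hunk: `print $a;` in testEscape looks like leftover debug output (it is commented out in testEscapeForLike), and both docblocks say `@return string` although the methods return nothing, so `@return void` would be accurate.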