Skip to content

fix: BaseConnection::_escapeString() should accept Stringable #8739

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

fix: BaseConnection::_escapeString() should accept Stringable #8739

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4825f89
fix: _escapeString() should accept Stringable
kenjis Apr 9, 2024
9d59483
docs: add changelog and upgrade
kenjis Apr 10, 2024
801d2ef
docs: fix typo
kenjis Apr 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions system/Database/BaseConnection.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
use CodeIgniter\Database\Exceptions\DatabaseException;
use CodeIgniter\Events\Events;
use stdClass;
use Stringable;
use Throwable;

/**
Expand Down Expand Up @@ -1328,8 +1329,8 @@ public function escape($str)
/**
* Escape String
*
* @param list<string>|string $str Input string
* @param bool $like Whether or not the string will be used in a LIKE condition
* @param list<string|Stringable>|string|Stringable $str Input string
* @param bool $like Whether the string will be used in a LIKE condition
*
* @return list<string>|string
*/
Expand Down Expand Up @@ -1371,7 +1372,7 @@ public function escapeString($str, bool $like = false)
* Calls the individual driver for platform
* specific escaping for LIKE conditions
*
* @param list<string>|string $str
* @param list<string|Stringable>|string|Stringable $str
*
* @return list<string>|string
*/
Expand All @@ -1385,7 +1386,7 @@ public function escapeLikeString($str)
*
* Will likely be overridden in child classes.
*/
protected function _escapeString(string $str): string
protected function _escapeString(string|Stringable $str): string
{
return str_replace("'", "''", remove_invisible_characters($str, false));
}
Expand Down
3 changes: 2 additions & 1 deletion system/Database/MySQLi/Connection.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
use mysqli_result;
use mysqli_sql_exception;
use stdClass;
use Stringable;
use Throwable;

/**
Expand Down Expand Up @@ -342,7 +343,7 @@ public function affectedRows(): int
/**
* Platform-dependant string escape
*/
protected function _escapeString(string $str): string
protected function _escapeString(string|Stringable $str): string
{
if (! $this->connID) {
$this->initialize();
Expand Down
3 changes: 2 additions & 1 deletion system/Database/Postgre/Connection.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
use PgSql\Connection as PgSqlConnection;
use PgSql\Result as PgSqlResult;
use stdClass;
use Stringable;

/**
* Connection for Postgre
Expand Down Expand Up @@ -253,7 +254,7 @@ public function escape($str)
/**
* Platform-dependant string escape
*/
protected function _escapeString(string $str): string
protected function _escapeString(string|Stringable $str): string
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same question for pg_escape_string.

I think we need to add a string cast to both function calls.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the good insight!

{
if (! $this->connID) {
$this->initialize();
Expand Down
3 changes: 2 additions & 1 deletion system/Database/SQLSRV/Connection.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
use CodeIgniter\Database\BaseConnection;
use CodeIgniter\Database\Exceptions\DatabaseException;
use stdClass;
use Stringable;

/**
* Connection for SQLSRV
Expand Down Expand Up @@ -182,7 +183,7 @@ protected function _close()
/**
* Platform-dependant string escape
*/
protected function _escapeString(string $str): string
protected function _escapeString(string|Stringable $str): string
{
return str_replace("'", "''", remove_invisible_characters($str, false));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does remove_invisible_characters also allow Stringable?

}
Expand Down
3 changes: 2 additions & 1 deletion system/Database/SQLite3/Connection.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
use SQLite3;
use SQLite3Result;
use stdClass;
use Stringable;

/**
* Connection for SQLite3
Expand Down Expand Up @@ -171,7 +172,7 @@ public function affectedRows(): int
/**
* Platform-dependant string escape
*/
protected function _escapeString(string $str): string
protected function _escapeString(string|Stringable $str): string
{
if (! $this->connID instanceof SQLite3) {
$this->initialize();
Expand Down
4 changes: 4 additions & 0 deletions user_guide_src/source/changelogs/v4.5.1.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,10 @@ Release Date: Unreleased
BREAKING
********

- **QueryBuilder:** Fixed a bug where ``BaseBuilder::_escapeString()`` did not
accept ``Stringable``. Therefore, the parameter type of that method has been
changed from ``string`` to ``string|Stringable``.

***************
Message Changes
***************
Expand Down
4 changes: 4 additions & 0 deletions user_guide_src/source/installation/upgrade_451.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,10 @@ Mandatory File Changes
Breaking Changes
****************

- **QueryBuilder:** Due to a bug fix, the parameter type of ``BaseBuilder::_escapeString()``
has been changed from ``string`` to ``string|Stringable``. If you are extending
this method, update the method paramtere type.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo: paramtere - parameter

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Done.


*********************
Breaking Enhancements
*********************
Expand Down