
Commit 63a8aaa

committed
fix: $db->escapeString() does not accept Stringable
1 parent 4ac163d commit 63a8aaa


2 files changed

+28
-2
lines changed


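--- a/system/Database/BaseConnection.php
+++ b/system/Database/BaseConnection.php
@@ -1332,8 +1332,8 @@ public function escape($str)
 /**
 * Escape String
 *
-* @param list<string>|string $str Input string
-* @param bool $like Whether or not the string will be used in a LIKE condition
+* @param list<string|Stringable>|string|Stringable $str Input string
+* @param bool $like Whether the string will be used in a LIKE condition
 *
 * @return list<string>|string
 */
@@ -1347,6 +1347,14 @@ public function escapeString($str, bool $like = false)
 return $str;
 }
 
+if ($str instanceof Stringable) {
+if ($str instanceof RawSql) {
+return $str->__toString();
+}
+
+$str = (string) $str;
+}
+
 $str = $this->_escapeString($str);
 
 // escape LIKE condition wildcards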
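Review bot: The `RawSql` branch added to `escapeString()` returns `$str->__toString()` before `_escapeString()` and before the LIKE wildcard handling that follows, and the updated docblock does not mention this. A caller who passes a `RawSql`, with or without `$like` set, gets the text back verbatim, which is only safe when that object was built from trusted SQL. I would add a docblock line such as `* RawSql instances are returned unchanged (no escaping, no LIKE wildcard handling); never build them from user input.` The `@param` now also allows `list<string|Stringable>`, but the array branch sits above the hunk, so whether list elements reach the new check cannot be confirmed from here; `escapeString()` starts and ends outside the hunk.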

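--- a/tests/system/Database/Live/EscapeTest.php
+++ b/tests/system/Database/Live/EscapeTest.php
@@ -71,6 +71,15 @@ public function testEscapeString(): void
 $this->assertSame($expected, $sql);
 }
 
+public function testEscapeStringStringable(): void
+{
+$expected = "SELECT * FROM brands WHERE name = '2024-01-01 12:00:00'";
+$sql = "SELECT * FROM brands WHERE name = '"
+. $this->db->escapeString(new Time('2024-01-01 12:00:00')) . "'";
+
+$this->assertSame($expected, $sql);
+}
+
 public function testEscapeLikeString(): void
 {
 $expected = "SELECT * FROM brands WHERE column LIKE '%10!% more%' ESCAPE '!'";
@@ -79,6 +88,15 @@ public function testEscapeLikeString(): void
 $this->assertSame($expected, $sql);
 }
 
+public function testEscapeLikeStringStringable(): void
+{
+$expected = "SELECT * FROM brands WHERE column LIKE '%2024-01-01 12:00:00%' ESCAPE '!'";
+$sql = "SELECT * FROM brands WHERE column LIKE '%"
+. $this->db->escapeLikeString(new Time('2024-01-01 12:00:00')) . "%' ESCAPE '!'";
+
+$this->assertSame($expected, $sql);
+}
+
 public function testEscapeLikeStringDirect(): void
 {
 if ($this->db->DBDriver === 'MySQLi') {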
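Review bot: Both new tests pass a `Time` whose string form `2024-01-01 12:00:00` contains no quote or LIKE wildcard, so `testEscapeStringStringable` and `testEscapeLikeStringStringable` show that a Stringable is accepted but not that its text is actually escaped. A regression that cast the object and returned it without escaping would still pass. I would add a case to `testEscapeLikeStringStringable` using a small Stringable test double whose `__toString()` returns `10% more`, asserting the same `'%10!% more%'` result that `testEscapeLikeString` expects for the plain string. This section also has no test for the `RawSql` early-return path; a test that states the intended verbatim result would pin that behaviour down.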
