Fix qa_db_escape_string for backwards compatibility

915ee0a9 · Scott · b0d15b92 · 915ee0a9
Commit 915ee0a9 authored Jan 19, 2019 by Scott
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 3 deletions

qa-db.php qa-include/qa-db.php +7 -3

No files found.
--- a/qa-include/qa-db.php
+++ b/qa-include/qa-db.php
@@ -136,7 +136,9 @@ function qa_db_escape_string($string)
 	if (qa_to_override(__FUNCTION__)) { $args=func_get_args(); return qa_call_override(__FUNCTION__, $args); }

 	$pdo = qa_service('database')->getPDO();
-	return $pdo->quote($string);
+	// PDO::quote wraps the value in single quotes, so remove them for backwards compatibility
+	$quotedString = $pdo->quote($string);
+	return substr($quotedString, 1, -1);
 }


@@ -163,8 +165,10 @@ function qa_db_argument_to_mysql($argument, $alwaysquote, $arraybrackets = false
 			$result = implode(',', $parts);

 	} elseif (isset($argument)) {
-		// PDO adds quotes so no need here
-		$result = qa_db_escape_string($argument);
+		if ($alwaysquote || !is_numeric($argument))
+			$result = "'" . qa_db_escape_string($argument) . "'";
+		else
+			$result = qa_db_escape_string($argument);
 	} else
 		$result = 'NULL';