authorKunio Murasawa <[email protected]>2012-06-02 01:17:52 +0900
committerSimon Holywell <[email protected]>2012-11-08 13:39:40 +0000
commit84bd58f902d93970a6626c2e3d360eed09a4b174 (patch)
treea5b3e84e06af72047f6999ba8f00b2cebf5685fa
parent6ad8dc19fee4a323e2c5e92371a46be1a1b7c847 (diff)
Escape sprintf % chars in queries
Thanks m92o
-rw-r--r--idiorm.php3
-rw-r--r--test/test_queries.php4
2 files changed, 7 insertions, 0 deletions
diff --git a/idiorm.php b/idiorm.php
index 8291181..710b913 100644
--- a/idiorm.php
+++ b/idiorm.php
@@ -271,6 +271,9 @@
// Escape the parameters
$parameters = array_map(array(self::$_db, 'quote'), $parameters);
+ // Avoid %format collision for vsprintf
+ $query = str_replace("%", "%%", $query);
+
// Replace placeholders in the query for vsprintf
$query = str_replace("?", "%s", $query);
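Review bot: The new `%` → `%%` escape on the third line of the hunk is correct only because it runs before the `?` → `%s` replacement on the last line; if a later edit swaps the two statements every placeholder becomes `%%s` and vsprintf stops substituting values, so that ordering dependency deserves a comment rather than the current one, e.g. `// Escape literal '%' BEFORE '?' becomes '%s', otherwise the placeholders themselves get escaped`. Since `$parameters` are quoted here and substituted by vsprintf (the call appears to follow outside the hunk), a `%` inside a bound value needs no escaping, which the comment could also state so nobody adds a second pass over the parameters. A `?` inside a string literal of a raw query still becomes `%s` and misaligns the arguments, but that predates this change. The enclosing function starts and ends outside the hunk.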
diff --git a/test/test_queries.php b/test/test_queries.php
index 0faa592..e5681db 100644
--- a/test/test_queries.php
+++ b/test/test_queries.php
@@ -120,6 +120,10 @@
$expected = "SELECT * FROM `widget` WHERE `name` = 'Fred' AND (`age` = '5' OR `age` = '10')";
Tester::check_equal("Raw WHERE clause", $expected);
+ ORM::for_table('widget')->where_raw('STRFTIME("%Y", "now") = ?', array(2012))->find_many();
+ $expected = "SELECT * FROM `widget` WHERE STRFTIME(\"%Y\", \"now\") = '2012'";
+ Tester::check_equal("Raw WHERE clause with '%'", $expected);
+
ORM::for_table('widget')->where_raw('`name` = "Fred"')->find_many();
$expected = "SELECT * FROM `widget` WHERE `name` = \"Fred\"";
Tester::check_equal("Raw WHERE clause with no parameters", $expected);