Reworking how the preq_quote on Query named bindings is applied to help with #580

2025-02-20 11:44:28 +08:00 · 2017-07-03 14:36:26 -05:00 · 2017-07-03 14:36:26 -05:00 · 3a0a5e85fd
commit 3a0a5e85fd
parent 60ab63b83e
4 changed files with 32 additions and 6 deletions
--- a/system/Database/Query.php
+++ b/system/Database/Query.php
@ -412,19 +412,21 @@ class Query implements QueryInterface
 			{
 				foreach ($value as &$item)
 				{
-					$item = preg_quote($item);
+					$item = preg_quote($item, '|');
 				}

 				$escapedValue = '('.implode(',', $escapedValue).')';
 			}
 			else
 			{
-				$escapedValue = strpos($escapedValue, '\\') !== false
-					? preg_quote(trim($escapedValue, $this->db->escapeChar))
-					: $escapedValue;
+				$escapedValue = preg_quote(trim($escapedValue, $this->db->escapeChar), '|');
 			}

-			$sql = preg_replace('/:'.$placeholder.'(?!\w)/', $escapedValue, $sql);
+			// preg_quoting can cause issues with some characters in the final query,
+			// but NOT preg_quoting causes other characters to be intepreted, like $.
+			$escapedValue = str_replace('\\.', '.', $escapedValue);
+
+			$sql = preg_replace('|:'.$placeholder.'(?!\w)|', $escapedValue, $sql);
 		}

 		return $sql;
--- a/tests/_support/Database/Migrations/20160428212500_Create_test_tables.php
+++ b/tests/_support/Database/Migrations/20160428212500_Create_test_tables.php
@ -13,7 +13,7 @@ class Migration_Create_test_tables extends \CodeIgniter\Database\Migration
 			],
 			'name'    => [
 				'type'       => 'VARCHAR',
-				'constraint' => 40,
+				'constraint' => 80,
 			],
 			'email'   => [
 				'type'       => 'VARCHAR',
--- a/tests/_support/Models/UserModel.php
+++ b/tests/_support/Models/UserModel.php
@ -6,6 +6,8 @@ class UserModel extends Model
 {
 	protected $table = 'user';

+	protected $allowedFields = ['name', 'email', 'country', 'deleted'];
+
 	protected $returnType = 'object';

 	protected $useSoftDeletes = true;
--- a/tests/system/Database/Live/ModelTest.php
+++ b/tests/system/Database/Live/ModelTest.php
@ -492,4 +492,26 @@ class ModelTest extends \CIDatabaseTestCase
        $this->seeInDatabase('job', ['name' => 'Senior Developer']);
    }

+	/**
+	 * @see https://github.com/bcit-ci/CodeIgniter4/issues/580
+	 */
+	public function testPasswordsStoreCorrectly()
+    {
+		$model = new UserModel();
+
+		$pass = password_hash('secret123', PASSWORD_BCRYPT);
+
+		$data = [
+			'name'  => 	$pass,
+			'email' => 'foo@example.com',
+			'country' => 'US',
+			'deleted' => 0
+		];
+
+		$model->insert($data);
+
+		$this->seeInDatabase('user', $data);
+    }
+
 }
+