Use str_replace instead of sprintf

sclubricants · sclubricants · commit a800da05ac73 · 2022-09-23T09:35:21.000-07:00
To avoid issues where sql has % in it. Used a unique string to replace.
diff --git a/system/Database/BaseBuilder.php b/system/Database/BaseBuilder.php
@@ -1973,7 +1973,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri
         // if this is the first iteration of batch then we need to build skeleton sql
         if ($sql === '') {
             $sql = 'INSERT ' . $this->compileIgnore('insert') . 'INTO ' . $table
-                . ' (' . implode(', ', $keys) . ")\n%s";
+                . ' (' . implode(', ', $keys) . ")\n{:_table_:}";
 
             $this->QBOptions['sql'] = $sql;
         }
@@ -1984,7 +1984,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri
             $data = 'VALUES ' . implode(', ', $this->formatValues($values));
         }
 
-        return sprintf($sql, $data);
+        return str_replace('{:_table_:}', $data, $sql);
     }
 
     /**
@@ -2334,22 +2334,22 @@ protected function _updateBatch(string $table, array $keys, array $values): stri
                 ",\n",
                 array_map(
                     static fn ($key, $value) => $key . ($value instanceof RawSql ?
-                        ' = ' . str_replace('%', '%%', $value) :
+                        ' = ' . $value :
                         ' = ' . $alias . '.' . $value),
                     array_keys($updateFields),
                     $updateFields
                 )
             ) . "\n";
 
-            $sql .= 'FROM (' . "\n%s";
+            $sql .= 'FROM (' . "\n{:_table_:}";
 
             $sql .= ') ' . $alias . "\n";
 
             $sql .= 'WHERE ' . implode(
                 ' AND ',
                 array_map(
                     static fn ($key) => ($key instanceof RawSql ?
-                    str_replace('%', '%%', (string) $key) :
+                    $key :
                     $table . '.' . $key . ' = ' . $alias . '.' . $key),
                     $constraints
                 )
@@ -2374,7 +2374,7 @@ protected function _updateBatch(string $table, array $keys, array $values): stri
             ) . "\n";
         }
 
-        return sprintf($sql, $data);
+        return str_replace('{:_table_:}', $data, $sql);
     }
 
     /**
diff --git a/system/Database/MySQLi/Builder.php b/system/Database/MySQLi/Builder.php
@@ -83,15 +83,15 @@ protected function _updateBatch(string $table, array $keys, array $values): stri
 
             $sql = 'UPDATE ' . $this->compileIgnore('update') . $table . "\n";
 
-            $sql .= 'INNER JOIN (' . "\n%s";
+            $sql .= 'INNER JOIN (' . "\n{:_table_:}";
 
             $sql .= ') ' . $alias . "\n";
 
             $sql .= 'ON ' . implode(
                 ' AND ',
                 array_map(
                     static fn ($key) => ($key instanceof RawSql ?
-                    str_replace('%', '%%', (string) $key) :
+                    $key :
                     $table . '.' . $key . ' = ' . $alias . '.' . $key),
                     $constraints
                 )
@@ -103,7 +103,7 @@ protected function _updateBatch(string $table, array $keys, array $values): stri
                 ",\n",
                 array_map(
                     static fn ($key, $value) => $table . '.' . $key . ($value instanceof RawSql ?
-                        ' = ' . str_replace('%', '%%', $value) :
+                        ' = ' . $value :
                         ' = ' . $alias . '.' . $value),
                     array_keys($updateFields),
                     $updateFields
@@ -129,6 +129,6 @@ protected function _updateBatch(string $table, array $keys, array $values): stri
             ) . "\n";
         }
 
-        return sprintf($sql, $data);
+        return str_replace('{:_table_:}', $data, $sql);
     }
 }
diff --git a/system/Database/OCI8/Builder.php b/system/Database/OCI8/Builder.php
@@ -76,7 +76,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri
             $hasPrimaryKey = in_array('PRIMARY', array_column($this->db->getIndexData($table), 'type'), true);
 
             // ORA-00001 measures
-            $sql = 'INSERT' . ($hasPrimaryKey ? '' : ' ALL') . ' INTO ' . $table . ' (' . $insertKeys . ")\n%s";
+            $sql = 'INSERT' . ($hasPrimaryKey ? '' : ' ALL') . ' INTO ' . $table . ' (' . $insertKeys . ")\n{:_table_:}";
 
             $this->QBOptions['sql'] = $sql;
         }
@@ -97,7 +97,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri
             ) . " FROM DUAL\n";
         }
 
-        return sprintf($sql, $data);
+        return str_replace('{:_table_:}', $data, $sql);
     }
 
     /**
@@ -264,15 +264,15 @@ protected function _updateBatch(string $table, array $keys, array $values): stri
             // Oracle doesn't support ignore on updates so we will use MERGE
             $sql = 'MERGE INTO ' . $table . "\n";
 
-            $sql .= 'USING (' . "\n%s";
+            $sql .= 'USING (' . "\n{:_table_:}";
 
             $sql .= ') ' . $alias . "\n";
 
             $sql .= 'ON (' . implode(
                 ' AND ',
                 array_map(
                     static fn ($key) => ($key instanceof RawSql ?
-                    str_replace('%', '%%', (string) $key) :
+                    $key :
                     $table . '.' . $key . ' = ' . $alias . '.' . $key),
                     $constraints
                 )
@@ -286,7 +286,7 @@ protected function _updateBatch(string $table, array $keys, array $values): stri
                 ",\n",
                 array_map(
                     static fn ($key, $value) => $table . '.' . $key . ($value instanceof RawSql ?
-                    ' = ' . str_replace('%', '%%', $value) :
+                    ' = ' . $value :
                     ' = ' . $alias . '.' . $value),
                     array_keys($updateFields),
                     $updateFields
@@ -312,6 +312,6 @@ protected function _updateBatch(string $table, array $keys, array $values): stri
             ) . "\n";
         }
 
-        return sprintf($sql, $data);
+        return str_replace('{:_table_:}', $data, $sql);
     }
 }
diff --git a/system/Database/Postgre/Builder.php b/system/Database/Postgre/Builder.php
@@ -200,7 +200,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri
 
         // if this is the first iteration of batch then we need to build skeleton sql
         if ($sql === '') {
-            $sql = 'INSERT INTO ' . $table . '(' . implode(', ', $keys) . ")\n%s\n";
+            $sql = 'INSERT INTO ' . $table . '(' . implode(', ', $keys) . ")\n{:_table_:}\n";
 
             $sql .= $this->compileIgnore('insert');
 
@@ -213,7 +213,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri
             $data = 'VALUES ' . implode(', ', $this->formatValues($values));
         }
 
-        return sprintf($sql, $data);
+        return str_replace('{:_table_:}', $data, $sql);
     }
 
     /**
diff --git a/system/Database/SQLSRV/Builder.php b/system/Database/SQLSRV/Builder.php
@@ -185,7 +185,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri
         // if this is the first iteration of batch then we need to build skeleton sql
         if ($sql === '') {
             $sql = 'INSERT ' . $this->compileIgnore('insert') . 'INTO ' . $this->getFullName($table)
-                . ' (' . implode(', ', $keys) . ")\n%s";
+                . ' (' . implode(', ', $keys) . ")\n{:_table_:}";
 
             $this->QBOptions['sql'] = $sql;
         }
@@ -196,7 +196,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri
             $data = 'VALUES ' . implode(', ', $this->formatValues($values));
         }
 
-        return sprintf($sql, $data);
+        return str_replace('{:_table_:}', $data, $sql);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -200,7 +200,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri`
`200`	`200`
`201`	`201`	`// if this is the first iteration of batch then we need to build skeleton sql`
`202`	`202`	`if ($sql === '') {`
`203`		`- $sql = 'INSERT INTO ' . $table . '(' . implode(', ', $keys) . ")\n%s\n";`
	`203`	`+ $sql = 'INSERT INTO ' . $table . '(' . implode(', ', $keys) . ")\n{:_table_:}\n";`
`204`	`204`
`205`	`205`	`$sql .= $this->compileIgnore('insert');`
`206`	`206`
`@@ -213,7 +213,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri`
`213`	`213`	`$data = 'VALUES ' . implode(', ', $this->formatValues($values));`
`214`	`214`	`}`
`215`	`215`
`216`		`- return sprintf($sql, $data);`
	`216`	`+ return str_replace('{:_table_:}', $data, $sql);`
`217`	`217`	`}`
`218`	`218`
`219`	`219`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -185,7 +185,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri`
`185`	`185`	`// if this is the first iteration of batch then we need to build skeleton sql`
`186`	`186`	`if ($sql === '') {`
`187`	`187`	`$sql = 'INSERT ' . $this->compileIgnore('insert') . 'INTO ' . $this->getFullName($table)`
`188`		`- . ' (' . implode(', ', $keys) . ")\n%s";`
	`188`	`+ . ' (' . implode(', ', $keys) . ")\n{:_table_:}";`
`189`	`189`
`190`	`190`	`$this->QBOptions['sql'] = $sql;`
`191`	`191`	`}`
`@@ -196,7 +196,7 @@ protected function _insertBatch(string $table, array $keys, array $values): stri`
`196`	`196`	`$data = 'VALUES ' . implode(', ', $this->formatValues($values));`
`197`	`197`	`}`
`198`	`198`
`199`		`- return sprintf($sql, $data);`
	`199`	`+ return str_replace('{:_table_:}', $data, $sql);`
`200`	`200`	`}`
`201`	`201`
`202`	`202`	`/**`