use query bindings instead of sprintf()

oleg1540 · oleg1540 · commit 8f82e4e1f27f · 2019-10-08T23:34:10.000+03:00
diff --git a/system/Database/Forge.php b/system/Database/Forge.php
@@ -279,8 +279,8 @@ private function databaseExists(string $dbName): bool
 
 			return false;
 		}
-		
-		return $this->db->query(sprintf($this->checkDatabaseExistStr, $this->db->escape($dbName)))->getRow() !== null;
+
+		return $this->db->query($this->checkDatabaseExistStr, $dbName)->getRow() !== null;
 	}
 
 	//--------------------------------------------------------------------
diff --git a/system/Database/Postgre/Forge.php b/system/Database/Postgre/Forge.php
@@ -49,7 +49,7 @@ class Forge extends \CodeIgniter\Database\Forge
      *
      * @var string
      */
-	protected $checkDatabaseExistStr = 'SELECT 1 FROM pg_database WHERE datname = %s';
+	protected $checkDatabaseExistStr = 'SELECT 1 FROM pg_database WHERE datname = ?';
 	
 	/**
 	 * DROP CONSTRAINT statement

Original file line number	Diff line number	Diff line change
`@@ -279,8 +279,8 @@ private function databaseExists(string $dbName): bool`
`279`	`279`
`280`	`280`	`return false;`
`281`	`281`	`}`
`282`		`-`
`283`		`- return $this->db->query(sprintf($this->checkDatabaseExistStr, $this->db->escape($dbName)))->getRow() !== null;`
	`282`	`+`
	`283`	`+ return $this->db->query($this->checkDatabaseExistStr, $dbName)->getRow() !== null;`
`284`	`284`	`}`
`285`	`285`
`286`	`286`	`//--------------------------------------------------------------------`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ class Forge extends \CodeIgniter\Database\Forge`
`49`	`49`	`*`
`50`	`50`	`* @var string`
`51`	`51`	`*/`
`52`		`- protected $checkDatabaseExistStr = 'SELECT 1 FROM pg_database WHERE datname = %s';`
	`52`	`+ protected $checkDatabaseExistStr = 'SELECT 1 FROM pg_database WHERE datname = ?';`
`53`	`53`
`54`	`54`	`/**`
`55`	`55`	`* DROP CONSTRAINT statement`