CodeIgniter Forums
[CI3] db->update_string() and bindings - Printable Version


[CI3] db->update_string() and bindings - Samutz - 03-12-2015

I am currently upgrading one of my applications from CI 2.x (I forgot the exact version) to 3.0rc3 and noticed this difference which I didn't see mentioned in the upgrade guide.

In 2.x:
PHP Code:
$name = 'james';
$data = array('foo' => 'bar');
$sql = $this->db->update_string('table', $data, 'name = ?');
// $sql is now "UPDATE `table` SET `foo` = 'bar' WHERE name = ?";
$this->db->query($sql, array($name));
// executed query is "UPDATE `table` SET `foo` = 'bar' WHERE name = 'james'"; 

However, now in 3.0rc3:
PHP Code:
$sql = $this->db->update_string('table', $data, 'name = ?');
// $sql is now "UPDATE `table` SET `foo` = 'bar' WHERE `name` = `?`";
$this->db->query($sql, array($name));
// executed query is "UPDATE `table` SET `foo` = 'bar' WHERE `name` = `'james'`"; 
And so I get an SQL error on `'james'` because it's treating it like a table name. I get that it's wrapping the fields in tildes, but can it be updated to not wrap question marks?

Of course I can get around this by doing something like:
PHP Code:
$sql = $this->db->update_string('table', $data, 'name = '.$this->db->escape($name));
$this->db->query($sql);
// executed query is "UPDATE `table` SET `foo` = 'bar' WHERE `name` = 'james'" 
But I was wondering if this new behavior is intentional, as I prefer being able to use bindings rather than calling db_escape on each one and also don't want to have to update every single update_string() call in my application.

Edit:
After looking at the db class I found that the $where parameter gets run through db->where() now.
So this works fine for me:
PHP Code:
$sql = $this->db->update_string('table', $data, array('name' => $name));
$this->db->query($sql);
// executed query is "UPDATE `table` SET `foo` = 'bar' WHERE `name` = 'james'" 
But I would still like to see it take question marks into consideration for those more complex WHERE clauses.
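
The post asks for `?` placeholders in more complex WHERE clauses. The following is an added example, not part of the original post and not CodeIgniter code: a hypothetical `build_update()` helper that binds both the SET values and a raw WHERE clause, run here through plain PDO against a constructed in-memory SQLite table. It assumes the WHERE clause contains no literal `?` inside a quoted string.

```php
<?php
// Added example: build_update() is a hypothetical helper, not a CodeIgniter API.

/**
 * Build "UPDATE `t` SET `col` = ? ... WHERE <raw clause>" and the ordered bind list.
 * Identifiers are validated and backtick-quoted; values never enter the SQL text.
 */
function build_update(string $table, array $data, string $where, array $where_binds): array
{
    if ($data === []) {
        throw new InvalidArgumentException('no columns to update');
    }
    // The raw WHERE clause must carry exactly one ? per bound value.
    if (substr_count($where, '?') !== count($where_binds)) {
        throw new InvalidArgumentException('placeholder/bind count mismatch');
    }
    $quote = function (string $ident): string {
        // Identifiers cannot be bound, so accept only a conservative character set.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $ident)) {
            throw new InvalidArgumentException("bad identifier: $ident");
        }
        return '`' . $ident . '`';
    };
    $set = [];
    foreach (array_keys($data) as $col) {
        $set[] = $quote($col) . ' = ?';
    }
    $sql = 'UPDATE ' . $quote($table) . ' SET ' . implode(', ', $set) . ' WHERE ' . $where;
    // SET values come first, then WHERE values, matching placeholder order.
    return [$sql, array_merge(array_values($data), array_values($where_binds))];
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE `table` (name TEXT, age INTEGER, foo TEXT)");
$pdo->exec("INSERT INTO `table` VALUES ('james', 30, 'x'), ('o''brien', 41, 'x'), ('amy', 17, 'x')");

// A compound WHERE clause; the value containing a quote needs no manual escaping.
[$sql, $binds] = build_update(
    'table',
    ['foo' => 'bar'],
    '(name = ? OR name = ?) AND age > ?',
    ['james', "o'brien", 18]
);
$stmt = $pdo->prepare($sql);
$stmt->execute($binds);

echo $sql, "\n";
echo $stmt->rowCount(), " rows updated\n";
```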