CodeIgniter Forums
Escape behaviour select vs insert - Printable Version



Escape behaviour select vs insert - bod99 - 09-21-2015

As I understand, strings passed to db->where() and db->insert() are escaped by default.  I see differing results passing strings containing ' and ' or ' or '.  insert() processes as expected though where() inserts unwanted whitespace.  I'm using CI 3.0.1.

PHP Code:
$col2 = 'foo and bar';

// SELECT built with the query builder
$this->db->select('col1');
$this->db->where(array('col2' => $col2));
$this->db->from('table1');
$this->db->get();
echo $this->db->last_query() . "\n\n";

// INSERT of the same value
$this->db->insert('table1', array('col2' => $col2));
echo $this->db->last_query();

Code:
SELECT `col1`
FROM `table1`
WHERE `col2` = 'foo and  bar'

INSERT INTO `table1` (`col2`) VALUES ('foo and bar')

I'm unsure if this is a bug as such or misuse on my part.  What's the best approach in order to continue using the query builder as it's so convenient!  Right now I am simply removing duplicate whitespace before running the generated query:


PHP Code:
$this->db->query( preg_replace('/\s{2,}/', ' ', $this->db->get_compiled_select()) );

Any tips appreciated.


RE: Escape behaviour select vs insert - Narf - 09-23-2015

https://github.com/bcit-ci/CodeIgniter/issues/4093

... and I believe this was also posted once more here on the forums.


RE: Escape behaviour select vs insert - bod99 - 09-24-2015

(09-23-2015, 05:14 AM)Narf Wrote: https://github.com/bcit-ci/CodeIgniter/issues/4093

... and I believe this was also posted once more here on the forums.

I missed both despite a prolonged search before posting.
Thanks for the reply.  Much appreciated.
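
Added example, not part of the thread: the whitespace-collapsing workaround from the first post runs over the whole SQL text, so it also rewrites whitespace inside quoted values. The sketch uses PDO with in-memory SQLite in place of CodeIgniter so it runs stand-alone; the rows and the helper names `collapse_whitespace`, `lookup_collapsed` and `lookup_bound` are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for CodeIgniter (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table1 (col1 INTEGER, col2 TEXT)');

// Constructed rows: row 2 legitimately contains two consecutive spaces.
$ins = $pdo->prepare('INSERT INTO table1 (col1, col2) VALUES (?, ?)');
$ins->execute(array(1, 'foo and bar'));
$ins->execute(array(2, 'foo and  bar'));

/** Workaround from the thread: collapse whitespace runs across the whole SQL text. */
function collapse_whitespace($sql)
{
    return preg_replace('/\s{2,}/', ' ', $sql);
}

/** Build SQL text containing a quoted literal, collapse it, then run it. */
function lookup_collapsed(PDO $pdo, $value)
{
    $sql = "SELECT col1\nFROM table1\nWHERE col2 = " . $pdo->quote($value);
    return $pdo->query(collapse_whitespace($sql))->fetchAll(PDO::FETCH_COLUMN);
}

/** Bound parameter: the value never appears in the SQL text, so nothing can rewrite it. */
function lookup_bound(PDO $pdo, $value)
{
    $stmt = $pdo->prepare('SELECT col1 FROM table1 WHERE col2 = ?');
    $stmt->execute(array($value));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$wanted = 'foo and  bar'; // two spaces between "and" and "bar"
var_dump(lookup_collapsed($pdo, $wanted)); // literal is altered before execution
var_dump(lookup_bound($pdo, $wanted));     // value reaches the database unchanged
```

The collapsed lookup matches row 1 instead of row 2 because the regex also shortens the two spaces inside the quoted literal, while the bound lookup matches row 2. In CodeIgniter 3 the equivalent is passing the values as the second argument of `$this->db->query()` with `?` placeholders in the SQL.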