As I understand, strings passed to db->where() and db->insert() are escaped by default. I see differing results passing strings containing ' and ' or ' or '. insert() processes as expected though where() inserts unwanted whitespace. I'm using CI 3.0.1.
PHP Code:
$col2 = 'foo and bar';
$this->db->select('col1');
$this->db->where(array('col2' => $col2));
$this->db->from('table1');
$this->db->get();
echo $this->db->last_query() . "\n\n";
$this->db->insert('table1', array('col2' => $col2));
echo $this->db->last_query();
Code:
SELECT `col1`
FROM `table1`
WHERE `col2` = 'foo and bar'
INSERT INTO `table1` (`col2`) VALUES ('foo and bar')
I'm unsure if this is a bug as such or misuse on my part. What's the best approach in order to continue usiing the query builder as it's so convenient! Right now I am simply removing duplicate whitespace before running the generated query:
PHP Code:
$this->db->query( preg_replace('/\s{2,}/', ' ', $this->db->get_compiled_select()) );
Any tips appreciated.
