CodeIgniter Forums
insert/update_string - Printable Version



insert/update_string - El Forum - 11-06-2007

[eluser]leonglass[/eluser]
I have a question about these two methods. Are they taking care of everything I need to worry about when inserting into a db, or are there some other issues I should be looking at? Can anyone let me know what is done as part of these methods?


insert/update_string - El Forum - 11-06-2007

[eluser]gtech[/eluser]
$this->db->update_string(); & $this->db->insert_string();

simply return an SQL query for you to pass to $this->db->query()

e.g. (ripped from documentation)
Code:
...
$data = array('name' => $name, 'email' => $email, 'title' => $title);
// insert_string() escapes the values and returns the INSERT statement as a string
$str = $this->db->insert_string('table_name', $data);

// query() returns TRUE/FALSE for write queries, so there is no result set to loop over
$this->db->query($str);

echo 'Rows inserted: ' . $this->db->affected_rows();
echo $str;
...

As a personal preference I prefer the active_record class (see databases documentation)

Code:
$data = array('title' => 'title' , 'name' => 'Name' , 'email' => 'email');
// active record class $this->db->insert
// builds, escapes and runs the INSERT in one call
$this->db->insert('table_name', $data);

// an INSERT has no result set to loop over; report the affected rows instead
echo 'Rows inserted: ' . $this->db->affected_rows();

see docs for how to use $this->db->update();

Link Here For Docs


insert/update_string - El Forum - 11-06-2007

[eluser]leonglass[/eluser]
Yes, but the docs for these two methods state that the strings returned are safer for entering data into the db. I am wondering what is done to them to make them safer and if I would need to do something else to make them completely safe.


insert/update_string - El Forum - 11-06-2007

[eluser]gtech[/eluser]
Ah, OK.

It will escape the values of the array passed in (if a string); if a boolean is set to TRUE/FALSE, it sets it to 0 : 1.


see
function insert_string()
&
function escape($str)
in:
system\database\drivers\DB_driver.php


the rest depends on the database you use:

postgres and mysql: it seems to add backticks to the table name if it has a . in it


see
function _insert
and
function _escape_table($table)
in
system\database\drivers\<database_name>\<database_name>_driver.php
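
Added example, not part of the original thread and not CodeIgniter's own code: a stand-alone sketch of the value handling described in the post above (strings escaped, booleans turned into 0 or 1), run against a constructed value that contains a quote. The names sketch_escape() and sketch_insert_string() are hypothetical, an in-memory SQLite PDO connection stands in for the database driver, and the NULL handling is this sketch's own choice.

```php
<?php
// Added illustration; NOT CodeIgniter's source. Function names are hypothetical.

// Per-value handling as described in the thread:
// strings are escaped and quoted, booleans become 0 or 1.
function sketch_escape(PDO $db, $value)
{
    if (is_string($value)) {
        return $db->quote($value);   // driver-level quoting of the literal
    }
    if (is_bool($value)) {
        return $value ? 1 : 0;
    }
    if ($value === null) {
        return 'NULL';               // sketch's own choice, not from the thread
    }
    return $value;                   // ints and floats pass through unchanged
}

// Builds an INSERT statement as a string, with every value escaped.
function sketch_insert_string(PDO $db, $table, array $data)
{
    $values = array();
    foreach ($data as $value) {
        $values[] = sketch_escape($db, $value);
    }
    // The table name and column names (array keys) are used as given:
    // value escaping does not cover identifiers, so they must come from
    // code, never from request input.
    return 'INSERT INTO ' . $table
         . ' (' . implode(', ', array_keys($data)) . ')'
         . ' VALUES (' . implode(', ', $values) . ')';
}

// Constructed sample input: a name containing a quote, and a boolean flag.
$db  = new PDO('sqlite::memory:');
$sql = sketch_insert_string($db, 'table_name', array(
    'name'   => "O'Brien",
    'email'  => 'ob@example.com',
    'active' => true,
));
echo $sql, "\n";

// The escaped statement runs cleanly and the quote is stored as data.
$db->exec('CREATE TABLE table_name (name TEXT, email TEXT, active INTEGER)');
$db->exec($sql);
echo $db->query('SELECT name FROM table_name')->fetchColumn(), "\n";
```

Escaping of this kind only protects the values; anything else placed into the statement, such as a table or column name built from user input, still needs to be restricted to a fixed list.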



insert/update_string - El Forum - 11-06-2007

[eluser]leonglass[/eluser]
Thanks will look into that.


insert/update_string - El Forum - 11-06-2007

[eluser]gtech[/eluser]
No probs, the functions are only a few lines long, so quite easy to follow