Real life example of using Query Bindings needed - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5) +--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24) +--- Thread: Real life example of using Query Bindings needed (/showthread.php?tid=64285) |
Real life example of using Query Bindings needed - cupboy - 02-03-2016 I'm so proud it only took me 10 mins. to login with all the robot checks, etc. Now on to my question. Is there a real life example of how to do this: $sql = "SELECT * FROM some_table WHERE id IN ? AND status = ? AND author = ?"; $this->db->query($sql, array(array(3, 6), 'live', 'Rick')); In a real program you will not be hard-coding what is fed into a query, but this is the example on the website. How would I replace those hard-coded values with variables? Where do I store the quotes, inside the variable or outside or some other way? Here is what my sql statement looks like: "SELECT * FROM ? WHERE casenum = '?' AND defname LIKE '?%' AND defname LIKE '%,_?%' ORDER BY evDate desc"; The error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''?' WHERE casenum = '?' AND defname LIKE '?%' AND defname LIKE '%,_?%' ORDER BY ' at line 1 RE: Real life example of using Query Bindings needed - kilishan - 02-03-2016 The binding will take care of adding quotes as needed. However, I have run into problems with using it for a list of elements for a WHERE IN statement. For your first example, I believe something like this would work out: Code: $ids = [3, 6]; From the error on your second query, it sounds like you have quotes around the first ?, also, which isn't needed and would likely cause errors. |