CodeIgniter Forums
Real life example of using Query Bindings needed - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Real life example of using Query Bindings needed (/showthread.php?tid=64285)



Real life example of using Query Bindings needed - cupboy - 02-03-2016

I'm so proud it only took me 10 mins. to login with all the robot checks, etc. Now on to my question. Is there a real life example of how to do this:

$sql = "SELECT * FROM some_table WHERE id IN ? AND status = ? AND author = ?";
$this->db->query($sql, array(array(3, 6), 'live', 'Rick'));

In a real program you will not be hard-coding what is fed into a query, but this is the example on the website. How would I replace those hard-coded values with variables? Where do I store the quotes, inside the variable or outside or some other way?

Here is what my sql statement looks like:
"SELECT * FROM ? WHERE casenum = '?' AND defname LIKE '?%' AND defname LIKE '%,_?%' ORDER BY evDate desc";

The error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''?' WHERE casenum = '?' AND defname LIKE '?%' AND defname LIKE '%,_?%' ORDER BY ' at line 1


RE: Real life example of using Query Bindings needed - kilishan - 02-03-2016

The binding will take care of adding quotes as needed. However, I have run into problems with using it for a list of elements for a WHERE IN statement. For your first example, I believe something like this would work out:

Code:
$ids = [3, 6];
$sql = "SELECT * FROM some_table WHERE id IN ('". implode(',', $ids) ."') AND status = ? AND author = ?";
$this->db->query($sql, ['live', 'Rick']);

From the error on your second query, it sounds like you have quotes around the first ?, also, which isn't needed and would likely cause errors.