Query Helper append to existing field. - CodeIgniter Forums (https://forum.codeigniter.com)
Query Helper append to existing field. - imabot - 10-01-2020

Hi! With CodeIgniter 3, I would like to append a string to an existing field. I did something like:

PHP Code:
$this->db->where('id', $id);

I don't really like "not escaping" the user input. What is the right and secure way to append a string to an existing field?

RE: Query Helper append to existing field. - InsiteFX - 10-01-2020

If you use double quote marks you can do it like this.

PHP Code:
$this->db->set('field', "CONCAT(field, {$string})", false);

RE: Query Helper append to existing field. - imabot - 10-04-2020

(10-01-2020, 12:37 PM)InsiteFX Wrote: If you use double quote marks you can do it like this.

Thank you, but I don't see why this is safer?

RE: Query Helper append to existing field. - includebeer - 10-04-2020

@InsiteFX This is just different syntax for the same result. It doesn't escape the value and it's not more secure.

@Imabot Use the escape function, see https://codeigniter4.github.io/userguide/database/queries.html#escaping-queries

PHP Code:
$this->db->set('field', "CONCAT(field, " . $this->db->escape($string) . ")", false);
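
Added example, not part of any post above and not CodeIgniter's own code: a CodeIgniter 3 model that appends to a column using the escape() approach from the last reply, next to a query-bindings variant that the thread does not mention. The model name, the `notes` table and its `id` and `body` columns are assumptions.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example for a CodeIgniter 3 application; the `notes` table and its
// `id` and `body` columns are hypothetical names.
class Note_model extends CI_Model
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
    }

    // Query Builder variant from the last reply: set() is called with
    // $escape = FALSE so CONCAT() is not quoted as a string, which means
    // nothing in the second argument is escaped for us.
    public function append_escaped($id, $string)
    {
        // escape() quotes the string and escapes it for the active driver.
        $expr = 'CONCAT(body, ' . $this->db->escape((string) $string) . ')';

        $this->db->set('body', $expr, FALSE);   // column name stays a literal
        $this->db->where('id', (int) $id);      // where() escapes its value
        $this->db->update('notes');

        return $this->db->affected_rows();
    }

    // Alternative not shown in the thread: query bindings. Each ? is
    // escaped by the driver, so no SQL fragment is built by hand.
    public function append_bound($id, $string)
    {
        $sql = 'UPDATE notes SET body = CONCAT(body, ?) WHERE id = ?';
        $this->db->query($sql, array((string) $string, (int) $id));

        return $this->db->affected_rows();
    }
}
```

With `$escape` set to FALSE, set() also stops protecting the column identifier, so the first argument should stay a hard-coded name rather than request data. In MySQL, CONCAT() returns NULL when the existing column value is NULL.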