Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming CI Escape String
CI Escape String
  • El Forum
    Unregistered
  •  
#1
05-23-2008, 07:31 AM

[eluser]rob897[/eluser]
Sorry I have searched the forums and read the manual and the it seems that CI is not properly escaping forward slashes and keeps throwing an error. Here is my query string:
Code:
$query = "UPDATE users SET passwd = {$this->db->escape($passwd)}, passwd_encrypted = {$this->db->escape($passwd_encrypted)} WHERE userid = {$this->db->escape($userid)}";

Here is the output from this query:
Code:
UPDATE users SET passwd = '{sha1}Yp0ycin08fw78QtkuKJPR4V1wlk=', passwd_encrypted = 'cLyBC9gP5tqBrEpJhhL25Ve/fk33gZBm8Fm7i/HfEtY=' WHERE userid = '[email protected]'

If the forward slashes are taken out all is well... Should I just use PHP mysql_real_escape_string on these values and skip the $this->db->escap($varible)?

thanks
-rob
  • El Forum
    Unregistered
  •  
#2
05-23-2008, 08:01 AM

[eluser]Derek Jones[/eluser]
Hi rob,

You'll notice if you follow $this->db->escape() that it calls escape_string() in the MySQL driver, which is applying mysql_real_escape_string() if available. That said, mysql_real_escape_string() will not escape forward slashes anyway. What is the error you are getting with your query?
  • El Forum
    Unregistered
  •  
#3
05-23-2008, 08:46 AM

[eluser]rob897[/eluser]
Well I figured out that if the field values do not change it throws an error. Any alteration to one of the fields results in the query working fine...
Strange.

-rob
  • El Forum
    Unregistered
  •  
#4
05-23-2008, 08:51 AM

[eluser]Derek Jones[/eluser]
What is the full error you are getting with your query when it fails? In your original code sample, you aren't putting quotes around your values, though in your output you show them. Perhaps you just have a general syntax error in your query?
  • El Forum
    Unregistered
  •  
#5
05-23-2008, 08:55 AM

[eluser]rob897[/eluser]
Right the {$this->db->escape($passwd)} puts single quotes around the values for you.. if you add them you will get an error and the output puts 2 sets of single quotes around each of the values.

-rob
  • El Forum
    Unregistered
  •  
#6
05-23-2008, 09:05 AM

[eluser]Derek Jones[/eluser]
Yes, right, sorry, I have too many versions of that method floating around in my head. So I still ask (third time now, hehe) what is the error you are getting?
  • El Forum
    Unregistered
  •  
#7
05-23-2008, 09:10 AM

[eluser]rob897[/eluser]
Guess its not an error after all, the thing is I am checking for is:
Code:
$this->db->affected_rows()
This is returning 0 rows affected as apparently it knows it does not need to update anything?
Guess I need to find another way to check for this.

Sorry for missing your request for the error message.

-rob
  • El Forum
    Unregistered
  •  
#8
05-23-2008, 09:37 AM

[eluser]Michael Wales[/eluser]
$this->db->update() should return FALSE upon failure - test for that




Theme © iAndrew 2016 - Forum software by © MyBB