CI Escape String |
[eluser]rob897[/eluser]
Sorry I have searched the forums and read the manual and the it seems that CI is not properly escaping forward slashes and keeps throwing an error. Here is my query string: Code: $query = "UPDATE users SET passwd = {$this->db->escape($passwd)}, passwd_encrypted = {$this->db->escape($passwd_encrypted)} WHERE userid = {$this->db->escape($userid)}"; Here is the output from this query: Code: UPDATE users SET passwd = '{sha1}Yp0ycin08fw78QtkuKJPR4V1wlk=', passwd_encrypted = 'cLyBC9gP5tqBrEpJhhL25Ve/fk33gZBm8Fm7i/HfEtY=' WHERE userid = '[email protected]' If the forward slashes are taken out all is well... Should I just use PHP mysql_real_escape_string on these values and skip the $this->db->escap($varible)? thanks -rob
[eluser]Derek Jones[/eluser]
Hi rob, You'll notice if you follow $this->db->escape() that it calls escape_string() in the MySQL driver, which is applying mysql_real_escape_string() if available. That said, mysql_real_escape_string() will not escape forward slashes anyway. What is the error you are getting with your query?
[eluser]rob897[/eluser]
Well I figured out that if the field values do not change it throws an error. Any alteration to one of the fields results in the query working fine... Strange. -rob
[eluser]Derek Jones[/eluser]
What is the full error you are getting with your query when it fails? In your original code sample, you aren't putting quotes around your values, though in your output you show them. Perhaps you just have a general syntax error in your query?
[eluser]rob897[/eluser]
Right the {$this->db->escape($passwd)} puts single quotes around the values for you.. if you add them you will get an error and the output puts 2 sets of single quotes around each of the values. -rob
[eluser]Derek Jones[/eluser]
Yes, right, sorry, I have too many versions of that method floating around in my head. So I still ask (third time now, hehe) what is the error you are getting?
[eluser]rob897[/eluser]
Guess its not an error after all, the thing is I am checking for is: Code: $this->db->affected_rows() Guess I need to find another way to check for this. Sorry for missing your request for the error message. -rob
[eluser]Michael Wales[/eluser]
$this->db->update() should return FALSE upon failure - test for that |
Welcome Guest, Not a member yet? Register Sign In |