• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Active record where/or_where question?

This is what I have at the moment.

$this->db->where('id', $id);
$this->db->or_where('winner', $this->session->userdata('id'));
$this->db->or_where('author', $this->session->userdata('id'));

I want to look for the following

id is equal to $id
where user is either winner or author

How do I do this with the active record class?

The problem is the AR library has no option to add parenthesis so the where part of the snippet you provided will output
WHERE id = 1 OR winner = 1000 OR author = 1000
But you want
WHERE id = 1 AND (winner = 1000 OR author = 1000)

To make it happen and escape the data to prevent sql attacks at the same time you will have to do
$session_id = $this->db->escape($this->userdata->item('id'));
$where = sprintf('id = %d AND (winner = %d OR author = %d)', $this->db->escape($id),$session_id,$session_id);

Thanks xwero, I will give that a go. To confirm on another matter. If data is entered via active record it is automatically escaped right?

If you use the methods as mentioned in the userguide they are escaped. If you use a string as parameter you are on your own escaping the values.

Thats what I thought. Thanks for all your help.

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.