Escape string before inserting in a query

(This post was last modified: 06-07-2018, 03:25 PM by php_rocs.)

I too prefer query binding because, as the CI documentation says: "The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don't have to remember to manually escape data; the engine does it automatically for you."



@glorsh66, I've been able to write some pretty complex queries using the CI query builder... for example:


PHP Code:
public function Complex_query($userid)
{
    $year = date("Y");

    // complex query: each ? is a positional placeholder that CI fills
    // with the escaped value from the $var array below
    $qry = "select * from Table1 t1
            LEFT OUTER JOIN (
                Select * from Table2 where userid = ? and year = ?) t2 ON t1.fk = t2.id
            UNION
            Select * FROM Table1 t1
            RIGHT OUTER JOIN Table2 t2 ON t1.fk = t2.id";

    // array of variables, in the same order as the ? placeholders
    $var = [$userid, $year];

    // run the query with binding ($this->CI is the CI instance, e.g. from get_instance())
    $query = $this->CI->db->query($qry, $var);

    return ($query->num_rows() > 0) ? $query->result_array() : FALSE;
}



RE: Escape string before inserting in a query - by php_rocs - 06-07-2018, 09:52 AM
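To show concretely why the `?` binding in the post above matters, here is an added example that is not code from the post or from CodeIgniter. It reproduces the post's filtered-subquery join shape in Python's `sqlite3` so it runs offline; the `Table1`/`Table2` rows and the hostile `userid` value are constructed here for illustration. The same statement is run twice, once with the values bound as parameters and once pasted into the SQL text, which is the mistake binding prevents.

```python
"""Positional '?' binding versus string interpolation, demonstrated on SQLite.

Added example (not from the forum post or CodeIgniter). The tables mirror the
post's Table1 (id, fk) and Table2 (id, userid, year); all data is constructed.
"""
import sqlite3

# Constructed sample data
ROWS_T1 = [(1, 10), (2, 20), (3, 30)]                      # (id, fk)
ROWS_T2 = [(10, 1, 2018), (20, 2, 2018), (30, 1, 2017)]    # (id, userid, year)

# Same shape as the post: Table1 LEFT OUTER JOIN a subquery filtered on
# userid and year. The {userid}/{year} slots are filled either with '?'
# (bound) or with the raw values (interpolated).
QUERY = """
SELECT t1.id, t2.userid, t2.year
  FROM Table1 t1
  LEFT OUTER JOIN (SELECT * FROM Table2 WHERE userid = {userid} AND year = {year}) t2
    ON t1.fk = t2.id
 ORDER BY t1.id
"""


def make_db():
    """In-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Table1 (id INTEGER PRIMARY KEY, fk INTEGER);
        CREATE TABLE Table2 (id INTEGER PRIMARY KEY, userid INTEGER, year INTEGER);
    """)
    conn.executemany("INSERT INTO Table1 VALUES (?, ?)", ROWS_T1)
    conn.executemany("INSERT INTO Table2 VALUES (?, ?, ?)", ROWS_T2)
    return conn


def _matched(rows):
    """Keep only Table1 rows whose join actually found a Table2 row."""
    return [r for r in rows if r[1] is not None]


def matched_rows_bound(conn, userid, year):
    """Safe: values travel separately from the SQL and are never parsed as SQL."""
    sql = QUERY.format(userid="?", year="?")
    return _matched(conn.execute(sql, (userid, year)).fetchall())


def matched_rows_interpolated(conn, userid, year):
    """Unsafe: whatever is in userid becomes part of the statement text."""
    sql = QUERY.format(userid=userid, year=year)
    return _matched(conn.execute(sql).fetchall())


if __name__ == "__main__":
    conn = make_db()
    hostile = "0 OR 1=1"      # constructed attacker-controlled userid
    print("legit, bound:        ", matched_rows_bound(conn, 1, 2018))
    print("legit, interpolated: ", matched_rows_interpolated(conn, 1, 2018))
    print("hostile, bound:      ", matched_rows_bound(conn, hostile, 2018))
    print("hostile, interpolated:", matched_rows_interpolated(conn, hostile, 2018))
```

With a legitimate `userid` both paths return the single matching row. With the hostile value, the bound query compares the integer `userid` column against the text `'0 OR 1=1'`, matches nothing, and returns an empty list; the interpolated query's WHERE clause becomes `userid = 0 OR 1=1 AND year = 2018`, which leaks every 2018 row. CI's `$this->db->query($sql, $binds)` is the bound path.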


