I am currently upgrading one of my applications from CI 2.x (I forgot the exact version) to 3.0rc3 and noticed this difference which I didn't see mentioned in the upgrade guide.
In 2.x:
PHP Code:
$name = 'james';
$data = array('foo' => 'bar');
$sql = $this->db->update_string('table', $data, 'name = ?');
// $sql is now "UPDATE `table` SET `foo` = 'bar' WHERE name = ?";
$this->db->query($sql, array($name));
// executed query is "UPDATE `table` SET `foo` = 'bar' WHERE name = 'james'";
However, now in 3.0rc3:
PHP Code:
$sql = $this->db->update_string('table', $data, 'name = ?');
// $sql is now "UPDATE `table` SET `foo` = 'bar' WHERE `name` = `?`";
$this->db->query($sql, array($name));
// executed query is "UPDATE `table` SET `foo` = 'bar' WHERE `name` = `'james'`";
And so I get an SQL error on `'james'` because it's treating it like a table name. I get that it's wrapping the fields in tildes, but can it be updated to not wrap question marks?
Of course I can get around this by doing something like:
PHP Code:
$sql = $this->db->update_string('table', $data, 'name = '.$this->db->escape($name));
$this->db->query($sql);
// executed query is "UPDATE `table` SET `foo` = 'bar' WHERE `name` = 'james'"
But I was wondering if this new behavior is intentional, as I prefer being able to use bindings rather than calling db_escape on each one and also don't want to have to update every single update_string() call in my application.
Edit:
After looking at the db class I found that the $where parameter gets run through db->where() now.
So this works fine for me:
PHP Code:
$sql = $this->db->update_string('table', $data, array('name' => $name));
$this->db->query($sql);
// executed query is "UPDATE `table` SET `foo` = 'bar' WHERE `name` = 'james'"
But I would still like to see it take question marks into consideration for those more complex WHERE clauses.