Active record difference $this->db->query() & $this->db->get('table')
#1

[eluser]Computerzworld[/eluser]
Hello,
I am executing a simple select query in CodeIgniter using the following code.

$this->db->query('select * from tablename where id =1');

I can also write the same using the following code.

$this->db->where('id','1');
$query = $this->db->get('tablename');

Is there any difference between these two, or are they identical?

Thanks.
#2

[eluser]CroNiX[/eluser]
Active Record automatically protects field/table identifiers, and runs the supplied variables through db::escape(), like mysqli_escape_string(). If you manually write your queries (first example), you need to manually escape all input, especially user input.

So, like:
Code:
$user = $this->input->post('user');
$this->db->query('select * from tablename where user =  ' . $this->db->escape($user)); //manually escape $user

vs
Code:
$user = $this->input->post('user');
$this->db
  ->where('user', $user) // $user automatically escaped
  ->get('tablename');
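
For comparison, an added example (not part of either post, and not CodeIgniter's own code) that puts the two approaches from post #2 next to CodeIgniter's query bindings and returns the SQL each one generated via last_query(), so the escaping can be checked. It assumes a CodeIgniter 2.x/3.x application with a configured database; the class and method names are hypothetical, and the table and column names are the ones used in the thread.

```php
<?php
// Added example, not from the thread. User_lookup_model and its methods are
// hypothetical names; tablename/user are the thread's table and column.
class User_lookup_model extends CI_Model
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
    }

    // Raw SQL, escaped by hand: escape() escapes the value and, for strings,
    // adds the surrounding quotes, so none are written in the SQL text.
    public function by_user_escaped($user)
    {
        $sql = 'SELECT * FROM tablename WHERE user = ' . $this->db->escape($user);
        return $this->db->query($sql)->result_array();
    }

    // Raw SQL with a query binding: the ? is replaced by the escaped value.
    public function by_user_bound($user)
    {
        $sql = 'SELECT * FROM tablename WHERE user = ?';
        return $this->db->query($sql, array($user))->result_array();
    }

    // Active Record: the value is escaped and the identifiers are protected.
    public function by_user_builder($user)
    {
        return $this->db->where('user', $user)->get('tablename')->result_array();
    }

    // Run all three with the same input and collect the SQL that was sent,
    // to confirm that each form escaped the value. last_query() needs the
    // save_queries setting enabled, which is the default.
    public function generated_sql($user)
    {
        $sql = array();
        foreach (array('by_user_escaped', 'by_user_bound', 'by_user_builder') as $method) {
            $this->$method($user);
            $sql[$method] = $this->db->last_query();
        }
        return $sql;
    }
}
```

Calling generated_sql() with a constructed value that contains a quote, such as O'Brien, shows whether the quote was escaped in each of the three statements.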
