Is it possible to make this query using Query Builder, if not how can I make it safe?
First off - for many projects, there's no need to use Query Builder, and you'll get a (very) slight performance increase from not using it. So, I won't dig into the possibilities of using the query with Query Builder here. Instead, let's look at how to make it safe. This is easy to do using Query Bindings. Basically, replace all instances of variables in your query with a question mark. Then, pass those values as an array to the query() method:

Code:
$query_string = "SELECT SUM(author = ? AND email = ? AND approved = 1) AS email_author_approved, " .

An even better option, in this case since you re-use $author and $email repeatedly, is to manually escape the values and then insert them into the query as you had it. You don't need to manually add the single quotes around the variables in the SQL, though, since the escaping will do that for you.

Code:
$author = $this->db->escape($author);
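The two approaches from the reply above, written out side by side with the unsafe version they replace. This is an added example, not kilishan's code or code from the thread; it assumes a CodeIgniter 3 model (so $this->db is available), a table named comments with columns author, email and approved, and a second summed column author_approved, none of which the original post shows.

```php
<?php
// Added example, not from the thread. Assumptions: CodeIgniter 3 model context,
// a `comments` table with columns author, email, approved; $author and $email
// arrive from user input. The second SUM column (author_approved) is assumed.

class Comment_model extends CI_Model
{
    // UNSAFE: raw values interpolated into the SQL. An $email such as
    //   x' OR '1'='1
    // closes the string literal and changes what the query counts.
    public function counts_unsafe($author, $email)
    {
        $sql = "SELECT SUM(author = '$author' AND email = '$email' AND approved = 1) AS email_author_approved, "
             . "SUM(author = '$author' AND approved = 1) AS author_approved "
             . "FROM comments";
        return $this->db->query($sql)->row();
    }

    // SAFE, option 1: query bindings. CodeIgniter replaces each ? in order with
    // the escaped, quoted value from the array, so a reused variable is listed
    // once per ? it fills.
    public function counts_bound($author, $email)
    {
        $sql = "SELECT SUM(author = ? AND email = ? AND approved = 1) AS email_author_approved, "
             . "SUM(author = ? AND approved = 1) AS author_approved "
             . "FROM comments";
        return $this->db->query($sql, array($author, $email, $author))->row();
    }

    // SAFE, option 2: escape once, reuse many times. escape() returns the value
    // already wrapped in single quotes, so the SQL must NOT quote it again;
    // writing '$author' here would produce ''value'' and break the query.
    public function counts_escaped($author, $email)
    {
        $author = $this->db->escape($author);
        $email  = $this->db->escape($email);
        $sql = "SELECT SUM(author = $author AND email = $email AND approved = 1) AS email_author_approved, "
             . "SUM(author = $author AND approved = 1) AS author_approved "
             . "FROM comments";
        return $this->db->query($sql)->row();
    }
}
```

Two caveats worth keeping in mind. First, both safe variants rely on the driver's escaping (the same escape() is what the binding code calls internally), so they protect string values only; a column or table name taken from user input still cannot be made safe this way and must be validated against an allow-list. Second, SUM(author = ... AND ...) counts matching rows only because MySQL evaluates a boolean expression to 0 or 1; on PostgreSQL the same idea needs SUM(CASE WHEN ... THEN 1 ELSE 0 END) or COUNT(*) FILTER (WHERE ...).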
Is it possible to make this query using Query Builder, if not how can I make it safe? - by DreamOfSleeping - 11-30-2015, 04:18 AM
RE: Is it possible to make this query using Query Builder, if not how can I make it safe? - by kilishan - 11-30-2015, 08:26 AM