has query escaping problem been fixed in 1.7?
#1

[eluser]a_z_[/eluser]
Hello all,

Like some other people that have posted, I upgraded to v1.7
and many of my queries are now broken because CI is being a
bit overzealous in escaping things with backticks.

I know that I can turn this off in some of the Active Record
functions by passing FALSE as a second or third parameter.
But my application is large and has many queries spread across
many models. So addressing this on a query by query basis is
not very practical for me.

Has this problem been fixed? Or alternatively, is there a way
to turn off this type of escaping globally?

I think CI is a fantastic framework and I'm eager to get things
running smoothly like they were under v.1.6.3

thanks,
az
#2

[eluser]Phil Sturgeon[/eluser]
This is not a problem, it's a new feature and standard way of working in 1.7, so I'm sorry to say it won't be changed back.

The only two options available are to update your AR calls, or stay with 1.6.3.
#3

[eluser]Bogdan Tanase[/eluser]
Hmm... if I remember correctly, CI 1.7 escapes stuff that it shouldn't normally escape, like some SQL keywords and the * symbol; I don't think this is "standard", or at least it shouldn't be...
#4

[eluser]Phil Sturgeon[/eluser]
Well, the AR is not meant as a standard SQL implementation, it is a new way of doing things based on SQL. Mixing AR and pure SQL will always cause you issues, more so now than in the past as the dev team get stricter on what is allowed in the AR functions.

It makes sense really. If you want to do a simple query, use AR. If you want sub-queries, unions, boolean searches, etc., use pure SQL with query().
#5

[eluser]a_z_[/eluser]
Hi guys,

Thanks for the responses.

pyromaniac, I see what you are saying, but just so we're clear,
I'm not talking about very sophisticated queries here. E.g.:

$this->db->select('count(results.idnum) as totalresults');

This works great in CI 1.6.3, but under 1.7 it chokes unless
I add FALSE as a second parameter. I agree that Active
Record may not be appropriate for complex queries, but I
currently have a large number of pretty simple queries
that work fine under 1.6.3, and it's a shame that they won't
work under 1.7.

I think Active Record is a great way to put database calls
together and I'm concerned that this new feature makes it
significantly less useful.

thanks,
az



