Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion SOLVED! Active Record Class block sql function
SOLVED! Active Record Class block sql function
  • El Forum
    Guest
  •  
#1
07-21-2009, 11:08 PM

[eluser]basementDUDE[/eluser]
$data = array('cat_name' => $c_name,'mod_time' => 'now()');

I try to insert that into my table using:
$this->db->insert('Category', $data);

and the col of mod_time give me this:
0000-00-00 00:00:00

I think active record class put a quote around the sql now() function.

Is that a way to insert sql function in this class? please help.
  • El Forum
    Guest
  •  
#2
07-21-2009, 11:21 PM

[eluser]basementDUDE[/eluser]
I salved that problem using Query Bindings, but it that a solution using Active Record Class instead?
  • El Forum
    Guest
  •  
#3
07-21-2009, 11:33 PM

[eluser]David Johansson[/eluser]
You should try your theory by echoing the last query after using the active record class
Code:
echo $this->db->last_query();
. Then you can see if any backticks are added. If they are, there might be some improvement needed for the _protect_identifiers function in the db class or at least an option for no ascaping when using the insert function.
  • El Forum
    Guest
  •  
#4
07-22-2009, 12:21 AM

[eluser]basementDUDE[/eluser]
[quote author="David Johansson" date="1248258808"]You should try your theory by echoing the last query after using the active record class
Code:
echo $this->db->last_query();
. Then you can see if any backticks are added. If they are, there might be some improvement needed for the _protect_identifiers function in the db class or at least an option for no ascaping when using the insert function.[/quote]
thanks man.
Confirmed. Active record class add that backticks on my sql statement.
I think I have to use query blinding in this case. That's no solution.
  • El Forum
    Guest
  •  
#5
07-22-2009, 02:03 AM

[eluser]davidbehler[/eluser]
Code:
$this->db->set('mod_time', 'NOW()', FALSE);
$this->db->set('cat_name', '$c_name');
$this->db->insert('Category');

The third parameter of the set method allows you to disable escaping.
  • El Forum
    Guest
  •  
#6
07-22-2009, 05:07 AM

[eluser]basementDUDE[/eluser]
[quote author="waldmeister" date="1248267785"]
Code:
$this->db->set('mod_time', 'NOW()', FALSE);
$this->db->set('cat_name', '$c_name');
$this->db->insert('Category');

The third parameter of the set method allows you to disable escaping.[/quote]
thanks waldmeister, I should read user-guide more carefully Smile
  • El Forum
    Guest
  •  
#7
07-22-2009, 06:54 AM

[eluser]David Johansson[/eluser]
should you then escape the field name manually?
  • El Forum
    Guest
  •  
#8
07-22-2009, 07:00 AM

[eluser]davidbehler[/eluser]
You only disable escaping if you are sure, that you don't need escaping. E.g. if you use SQL functions like NOW().

You should never disable escaping if you are working with values entered by a user.




Theme © iAndrew 2016 - Forum software by © MyBB