[eluser]Sinclair[/eluser]
[quote author="jedd" date="1255919960"]You can change the model's method to return a string, rather than a result array.
Consider:
Code:
function getTituloAnuncio($pid_anuncio) {
$query = $this->db->query("SELECT
a.n_anuncio
FROM
atw_anuncios a
WHERE
a.id_anuncio = '".$pid_anuncio."'" );
if ($query->num_rows() != 1)
return FALSE;
$result = $query->row_array();
return $result['a.n_anuncio'];
// Check if the result is a.anuncio or just anuncio -- I never bother to do
// this kind of table rename within a query, especially for such a simple query.
}
Also, why is your controller making this call?
Code:
$title = $this->acomp_model->getTituloAnuncio($pid_anuncio = $this->uri->segment(3)); # Aqui
Surely you can just do this instead:
Code:
$title = $this->acomp_model->getTituloAnuncio ( $this->uri->segment(3) ); # Aqui
Note that in any case you really do want to sanitise your input here, as you're quite exposed to SQL injection. I'd suggest a check in your model, at the very least, to ensure the data passes an
is_numeric() test before you use it. Alternatively use a $this->db->escape() function around the parameter. (I reckon the is_numeric test would be faster.)
Finally, your models should start with a capital letter, unless you're doing something odd. This might bite you when you change file systems / operating systems.[/quote]
It is working. Many Thanks!
I know I'am exposed to SQL injection. I will solve the problem when the website get in a more advanced phase.
Thank you.