Bug when using the query helper function update_string and query bindings
#1

Sergio B
Hello, I tried to search the forum for a related bug, but it's really hard to put the right keywords together. I don't think I'm the first one to encounter this problem, but I'll take the risk of violating a forum rule and post it right away.

So let's go right to the point. Here is the code:

Code:
$where = "entryId = ?";
$sql = $this->db->update_string("Entry", $update_data, $where);
$query = $this->db->query($sql, array($entryId));

It causes the following error:

Quote:A Database Error Occurred

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '5'\' \'Your team lost yesterday\', \'why where you so at line 1

The string causing the error is a string with some questions surrounded by single quotation marks:

Quote:'Good morning Mr. Oliveira', 'would you like the usual for breakfast?', 'Your team lost yesterday', 'why where you so late?'

So, as you can see, CodeIgniter replaced all the ? in the query string returned by update_string with 5, which is the value in the $entryId variable of this statement:

Code:
$query = $this->db->query($sql, array($entryId));

including the ? inside the escaped string.

And that is about it. When using query bindings, the values you are going to update, insert or anything else can't have the ? character, or CodeIgniter will replace them all.

Thanks for reading. Hope it helps improve the framework.
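Added example, not part of the original post and not CodeIgniter's own code: it contrasts a binder that treats every ? as a marker with one that skips single-quoted literals, which is the failure reported above. The helper names, the `body` column and the `addslashes` stand-in for driver escaping are assumptions made for this illustration.

```php
<?php
// Added example: hypothetical helpers, not CodeIgniter's implementation.

// Stand-in for the driver's escaping (assumption, for demonstration only).
function quote_value($v): string
{
    return is_int($v) ? (string) $v : "'" . addslashes((string) $v) . "'";
}

// Naive binding: every '?' is a marker, even inside an already-escaped literal.
function naive_bind(string $sql, array $binds): string
{
    $i = 0;
    return preg_replace_callback('/\?/', function () use ($binds, &$i) {
        return quote_value($binds[min($i++, count($binds) - 1)]);
    }, $sql);
}

// Quote-aware binding: only markers outside single-quoted literals are replaced.
function quote_aware_bind(string $sql, array $binds): string
{
    $out = '';
    $inLiteral = false;
    $next = 0;
    for ($i = 0, $len = strlen($sql); $i < $len; $i++) {
        $ch = $sql[$i];
        if ($inLiteral && $ch === '\\' && $i + 1 < $len) {
            $out .= $ch . $sql[++$i];            // escaped char stays in the literal
        } elseif ($ch === "'") {
            $inLiteral = !$inLiteral;            // '' toggles twice, so it stays inside
            $out .= $ch;
        } elseif ($ch === '?' && !$inLiteral) {
            if ($next >= count($binds)) {
                throw new InvalidArgumentException('more markers than bound values');
            }
            $out .= quote_value($binds[$next++]);
        } else {
            $out .= $ch;
        }
    }
    if ($inLiteral || $next !== count($binds)) {
        throw new InvalidArgumentException('unterminated literal or unused bound values');
    }
    return $out;
}

// Constructed input: a statement whose escaped value already contains '?'.
$sql = "UPDATE Entry SET body = 'why where you so late?' WHERE entryId = ?";
echo naive_bind($sql, [5]), PHP_EOL;       // the '?' inside the literal is overwritten
echo quote_aware_bind($sql, [5]), PHP_EOL; // only the WHERE marker is bound
```

The marker-count check matters as much as the quote tracking: a mismatch between markers and bound values means user data has been parsed as SQL structure, so the statement should be rejected rather than sent. Native prepared statements in the database driver avoid the problem entirely, because values are never spliced into the SQL text.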



