[eluser]miau[/eluser]
Hi,
I'm a bit confused with automatic query escaping in CI.
The manual recommends this approach:
Code:
$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
$this->db->query($sql, array(3, 'live', 'Rick'));
But when I run this code on my machine:
Code:
$sql = 'test\\';
$this->db->query("select user_id from user where name=?", array($sql));
I get:
Quote: An Error Was Encountered
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''ds\'' at line 1
select * from user where name='ds\'
My config:
* Apache 2.0.59
* PHP 5.2.4, magic_quotes_gpc=Off
* MySQL 5.0.5
There's a lot of discussion on this topic, but I haven't found any clear answer on how I can use automatic escaping instead of manually escaping each variable used in an SQL query.
BTW, maybe it's a good idea to add a notice in the manual that query bindings don't work?
Greetings!
miau
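Added example, not part of the post above and not CodeIgniter's code: a hypothetical `bind()` helper showing why a bound value ending in a backslash yields the unterminated literal behind the 1064 error when only quotes are escaped, and what the literal looks like once the backslash is escaped too. All function names are assumptions made for illustration.

```php
<?php
// Added illustration. bind(), escape_quotes_only(), escape_mysql() and
// literals_terminated() are hypothetical helpers, not CodeIgniter functions.

// Incomplete escaping: handles the quote character, leaves backslashes alone.
function escape_quotes_only($v) {
    return str_replace("'", "\\'", $v);
}

// Escapes the characters MySQL treats specially inside a quoted string
// (assumes default sql_mode and a single-byte or UTF-8 connection charset).
function escape_mysql($v) {
    return strtr($v, array(
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ));
}

// Replace each ? with the next value. Simplification: assumes the template
// has no ? inside its own literals.
function bind($sql, array $values, $escaper) {
    $parts = explode('?', $sql);
    if (count($parts) - 1 !== count($values)) {
        throw new Exception('placeholder/value count mismatch');
    }
    $out = array_shift($parts);
    foreach ($parts as $i => $part) {
        $v = $values[$i];
        $out .= (is_int($v) ? $v : "'" . call_user_func($escaper, $v) . "'") . $part;
    }
    return $out;
}

// True if every single-quoted literal is closed, using MySQL's default rule
// that a backslash inside a literal escapes the following character.
function literals_terminated($sql) {
    $in = false;
    for ($i = 0, $n = strlen($sql); $i < $n; $i++) {
        if ($in && $sql[$i] === "\\") { $i++; continue; }
        if ($sql[$i] === "'") { $in = !$in; }
    }
    return !$in;
}

$value = 'test\\'; // the value from the post: test followed by one backslash
foreach (array('escape_quotes_only', 'escape_mysql') as $fn) {
    $q = bind('select user_id from user where name=?', array($value), $fn);
    echo $fn, ': ', $q, literals_terminated($q) ? ' (ok)' : ' (unterminated)', "\n";
}
```

In application code, use the database driver's own escaping function or server-side prepared statements rather than a hand-written escaper like the one sketched here.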