insert/update_string |
[eluser]leonglass[/eluser]
I have a question about these two methods. Are they taking care of every thing I need to worry about when inserting into a db or are there some other issues I should be looking at? Can anyone let me know what is done as part of these methods?
[eluser]gtech[/eluser]
$this->db->update_string(); & $this->db->insert_string(); simple returns an SQL query for you to pass to $this->db->query() eg.. (ripped from documentation) Code: ... As a personal preference I prefer the active_record class (see databases documentation) Code: $data = array('title' => 'title' , 'name' => 'Name' , 'email' => 'email'); see docs for how to use $this->db->update(); Link Here For Docs
[eluser]leonglass[/eluser]
Yes but the docs for these two methods state that the strings returned are safer for entering data into the db. I am wondering what is done to them to make them safer and if I would need to do something else to make them completely safe.
[eluser]gtech[/eluser]
ah ok.. it will escape the values of the array passed in (if a string) if boolean is set to TRUE/FALSE it sets it to 0 : 1 see function insert_string() & function escape($str) in: system\database\drivers\DB_driver.php the rest depends on the database you use: postgres and mysql: it seems to add backticks to the table name if it has a . in it see function _insert and function _escape_table($table) in system\database\drivers\<database_name>\<database_name>_driver.php
[eluser]gtech[/eluser]
No probs, the functions are only a few lines long, so quite easy to follow |
Welcome Guest, Not a member yet? Register Sign In |