[eluser]ci_user[/eluser]
Thanks for your input. I now get:
Fatal error: Call to a member function prepare() on a non-object in C:\wamp\ci\core\Loader.php(829) : eval()'d code on line 18
When using
Code:
$sth = $this->db->conn_id->prepare
Do I need to define conn_id somewhere?
[quote author="toopay" date="1336494043"]The PDO driver bundled with CI was written in a natural and idiomatic CI query builder style.
bindParam is not supported by default because of this. But as long as you intend to do that, to escape the variable (input) within your query string, doing it the CI query builder way (an analogous way):
Code:
$query = $this->db->where(array('ITEMNMBR' => $var1, 'PRICELVL' => $var2))->get('mytable');
is generally the same, and as secure, as using prepare and bindParam.
If you want to use the PDO API instead, you can do so by accessing the conn_id property:
Code:
// create a prepared statement
$sth = $this->db->conn_id->prepare("SELECT * FROM mytable WHERE ITEMNMBR = :var1 AND PRICELVL = :var2");
// bind parameters and execute query
$sth->bindParam(':var1', $var1, PDO::PARAM_STR);
$sth->bindParam(':var2', $var2, PDO::PARAM_STR);
$sth->execute();
[/quote]
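Putting the two approaches from the reply together, as an added example that is not from either poster: a model method that uses PDO prepared statements when conn_id actually is a PDO object and falls back to the query builder otherwise (the model and method names are assumed; the table and column names are the ones used in the thread).

```php
<?php
// Added example (not from the thread): look up a row by ITEMNMBR and PRICELVL
// without ever concatenating user input into the SQL string.
// Assumed: this is a CodeIgniter model; mytable/ITEMNMBR/PRICELVL come from the thread.
class Item_model extends CI_Model
{
    public function find_price($itemnmbr, $pricelvl)
    {
        // $this->db->conn_id is only a PDO object when the configured driver is 'pdo'.
        // With the legacy mysql driver it is a resource, which is exactly what produces
        // "Call to a member function prepare() on a non-object".
        if ($this->db->conn_id instanceof PDO) {
            $sth = $this->db->conn_id->prepare(
                'SELECT * FROM mytable WHERE ITEMNMBR = :var1 AND PRICELVL = :var2'
            );
            // Values travel separately from the SQL text, so they can never alter the query.
            $sth->bindParam(':var1', $itemnmbr, PDO::PARAM_STR);
            $sth->bindParam(':var2', $pricelvl, PDO::PARAM_STR);
            $sth->execute();
            $row = $sth->fetch(PDO::FETCH_ASSOC);
            return $row === false ? null : $row;
        }

        // Any other driver: let the query builder escape the values for us.
        $query = $this->db
            ->where(array('ITEMNMBR' => $itemnmbr, 'PRICELVL' => $pricelvl))
            ->get('mytable');
        return $query->num_rows() > 0 ? $query->row_array() : null;
    }
}
```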