problem with query binding

I am creating an insert query in a model.

I send an associative array of key => value pairs to the model.
(key = field name. value = field value)

I create a list of field names and a list of values and then construct the sql statement....

function insertquery($query_terms, $table)
{
    $dsn = $this->session->userdata('dsn');//**btw - is this a security risk?**
    $DB1 = $this->load->database($dsn, TRUE);

    $fields = '';
    $values = '';
    $binding = '';

    foreach($query_terms as $key => $value)
    {
        if($value == ''){$values .= "'NULL',";}else{$values .= "'".$value."',";}
        $fields .= $key.",";
        $binding .= '?,';
    }

    //remove the last comma
    $fields = rtrim($fields,',');
    $values = rtrim($values,',');
    $binding = rtrim($binding,',');

    $sql = "INSERT INTO $table ($fields) VALUES ($binding)";
    $DB1->query($sql, array($values));
    //echo $DB1->last_query();
}//end method

If I put the $values directly into the sql statement it works fine. If I put the values in the array (as above) it escapes all the single quotes and the sql insert fails....

Could anyone help me out here?

Standby ... I think I've sussed it ... something to do with the list/array I put in the query()

from code above....
$values[] = $value;
array($values) should just be $values
$DB1->query($sql, $values);
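
As an added example, not part of the original post: the same insert built with one raw, unquoted value per `?` placeholder, which is the array shape the fix above passes to `$DB1->query($sql, $values)`, plus an allowlist check on table and column names because identifiers cannot be bound. The function name, the allowlist and the `members` table are assumptions made for the example, and PDO with in-memory SQLite stands in for the CodeIgniter connection.

```php
<?php
// Hypothetical allowlist (constructed for this example): table => insertable columns.
const INSERTABLE = ['members' => ['name', 'email', 'notes']];

// Returns [$sql, $params]; $params has exactly one element per "?" placeholder.
function build_insert(string $table, array $query_terms): array
{
    if (!array_key_exists($table, INSERTABLE)) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    $fields = [];
    $params = [];
    foreach ($query_terms as $key => $value) {
        // Identifiers cannot be bound, so check them against the allowlist.
        if (!in_array($key, INSERTABLE[$table], true)) {
            throw new InvalidArgumentException("column not allowed: $key");
        }
        $fields[] = $key;
        // Raw value, no added quotes: the driver quotes it. '' becomes a real NULL.
        $params[] = ($value === '' || $value === null) ? null : $value;
    }
    if ($fields === []) {
        throw new InvalidArgumentException('no columns given');
    }
    $marks = implode(',', array_fill(0, count($fields), '?'));
    $sql = "INSERT INTO $table (" . implode(',', $fields) . ") VALUES ($marks)";
    return [$sql, $params];
}

// Demo: in-memory SQLite through PDO stands in for the CodeIgniter connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (name TEXT, email TEXT, notes TEXT)');

[$sql, $params] = build_insert('members', [
    'name'  => "O'Brien",          // constructed sample with a quote in the data
    'email' => 'ob@example.test',
    'notes' => '',
]);
$pdo->prepare($sql)->execute($params);

var_dump($sql, $pdo->query('SELECT * FROM members')->fetch(PDO::FETCH_ASSOC));

try {
    build_insert('members', ['role' => 'admin']);   // column not in the allowlist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With the CodeIgniter connection from the post, the returned pair would be used as `$DB1->query($sql, $params)`.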
