• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
problem with query binding

#1
[eluser]andygo[/eluser]
I am creating an insert query in a model.

I send an associative array of key => value pairs to the model.
(key = field name. value = field value)

I create a list of field names and a list of values and then construct the sql statement....

Eg:
Code:
function insertquery($query_terms, $table)
{

$dsn = $this->session->userdata('dsn');//**btw - is this a security risk?**
$DB1 = $this->load->database($dsn, TRUE);

$fields = '';
$values = '';
$binding = '';

  foreach($query_terms as $key => $value)
  {
   if($value == ''){$values .= "'NULL',";}else{$values .= "'".$value."',";}
  $fields .= $key.",";
  $binding .= '?,';
  }

//remove the last comma
$fields = rtrim($fields,',');
$values = rtrim($values,',');
$binding = rtrim($binding,',');

$sql = "INSERT INTO $table ($fields) VALUES ($binding)";
$DB1->query($sql, array($values));
//echo $DB1->last_query();
}//end method

If I put the $values directly into the sql statement it works fine. If I put the values in the array (as above) it escapes all the single quotes and the sql insert fails....

Could anyone help me out here?
Thanks

EDIT:
Standby ......I think i've sussed it...something to do with the list/array i put in the query()

EDIT2:
from code above....
$values[] = $value;
and
array($values) should just be $values
$DB1->query($sql, $values);


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.