Welcome Guest, Not a member yet? Register   Sign In
Escape behaviour select vs insert
#1

As I understand, strings passed to db->where() and db->insert() are escaped by default.  I see differing results passing strings containing ' and ' or ' or '.  insert() processes as expected though where() inserts unwanted whitespace.  I'm using CI 3.0.1.

PHP Code:
$col2 'foo and bar';
$this->db->select('col1');
$this->db->where(array('col2' => $col2));
$this->db->from('table1');        
$this
->db->get();
echo 
$this->db->last_query() . "\n\n";
$this->db->insert('table1', array('col2' => $col2));
echo 
$this->db->last_query(); 
Code:
SELECT `col1`
FROM `table1`
WHERE `col2` = 'foo and  bar'

INSERT INTO `table1` (`col2`) VALUES ('foo and bar')

I'm unsure if this is a bug as such or misuse on my part.  What's the best approach in order to continue usiing the query builder as it's so convenient!  Right now I am simply removing duplicate whitespace before running the generated query:


PHP Code:
$this->db->querypreg_replace('/\s{2,}/'' '$this->db->get_compiled_select()) ); 

Any tips appreciated.
Reply
#2

https://github.com/bcit-ci/CodeIgniter/issues/4093

... and I believe this was also posted once more here on the forums.
Reply
#3

(09-23-2015, 05:14 AM)Narf Wrote: https://github.com/bcit-ci/CodeIgniter/issues/4093

... and I believe this was also posted once more here on the forums.

I missed both despite a prolonged search before posting.
Thanks for the reply.  Much appreciated.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB