Welcome Guest, Not a member yet? Register   Sign In
Query Helper append to existing field.
#1

(This post was last modified: 10-01-2020, 07:34 AM by imabot.)

Hi! With CodeIgniter 3, I would like to append a string to an existing field. I did something like :

PHP Code:
$this->db->where('id'$id);
$this->db->set('field'"CONCAT(field, '" $string."')"false);
$this->db->update('mytable'); 

I don't really like "not escaping" the user input. What is the right and secure way to append a string to an existing field ?
Reply
#2

If you use double quote marks you can do it like this.

PHP Code:
$this->db->set('field'"CONCAT(field, {$string})"false); 
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

(10-01-2020, 12:37 PM)InsiteFX Wrote: If you use double quote marks you can do it like this.

PHP Code:
$this->db->set('field'"CONCAT(field, {$string})"false); 

Thank you, but I don't see why this is safer?
Reply
#4

@InsiteFX This is just different syntax for the same result. It doesn’t escape the value and it’s not more secure.

@Imabot Use the escape function, see https://codeigniter4.github.io/userguide...ng-queries

PHP Code:
$this->db->set('field'"CONCAT(field, " $this->db->escape($string) . ")"false); 
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
Reply




Theme © iAndrew 2016 - Forum software by © MyBB