• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Active record where/or_where question?

#1
[eluser]JasonS[/eluser]
This is what I have at the moment.

Code:
$this->db->where('id', $id);
$this->db->or_where('winner', $this->session->userdata('id'));
$this->db->or_where('author', $this->session->userdata('id'));

I want to look for the following

id is equal to $id
where user is either winner or author

How do I do this with the active record class?

#2
[eluser]xwero[/eluser]
The problem is the AR library has no option to add parenthesis so the where part of the snippet you provided will output
WHERE id = 1 OR winner = 1000 OR author = 1000
But you want
WHERE id = 1 AND (winner = 1000 OR author = 1000)

To make it happen and escape the data to prevent sql attacks at the same time you will have to do
Code:
$session_id = $this->db->escape($this->userdata->item('id'));
$where = sprintf('id = %d AND (winner = %d OR author = %d)', $this->db->escape($id),$session_id,$session_id);
$this->db->where($where);

#3
[eluser]JasonS[/eluser]
Thanks xwero, I will give that a go. To confirm on another matter. If data is entered via active record it is automatically escaped right?

#4
[eluser]xwero[/eluser]
If you use the methods as mentioned in the userguide they are escaped. If you use a string as parameter you are on your own escaping the values.

#5
[eluser]JasonS[/eluser]
Thats what I thought. Thanks for all your help.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.