Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / e334c472fb4be44feec3a73402fc4a2b062cbfc0 / . / user_guide / database / queries.html
blob: e558e3d8b3677241404e576d64223f751f616f3a [file] [log] [blame]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Code Igniter User Guide</title>
<style type='text/css' media='all'>@import url('../userguide.css');</style>
<link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
<script type="text/javascript" src="../nav/nav.js"></script>
<script type="text/javascript" src="../nav/prototype.lite.js"></script>
<script type="text/javascript" src="../nav/moo.fx.js"></script>
<script type="text/javascript">
window.onload = function() {
myHeight = new fx.Height('nav', {duration: 400});
myHeight.hide();
}
</script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv='expires' content='-1' />
<meta http-equiv= 'pragma' content='no-cache' />
<meta name='robots' content='all' />
<meta name='author' content='Rick Ellis' />
<meta name='description' content='Code Igniter User Guide' />
</head>
<body>
<!-- START NAVIGATION -->
<div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div>
<div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../images/nav_toggle.jpg" width="153" height="44" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div>
<div id="masthead">
<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
<tr>
<td><h1>Code Igniter User Guide Version 1.5.0b3</h1></td>
<td id="breadcrumb_right"><a href="../toc.html">Linear Table of Contents</a></td>
</tr>
</table>
</div>
<!-- END NAVIGATION -->
<!-- START BREADCRUMB -->
<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
<tr>
<td id="breadcrumb">
<a href="http://www.codeigniter.com/">Code Igniter Home</a> &nbsp;&#8250;&nbsp;
<a href="../index.html">User Guide Home</a> &nbsp;&#8250;&nbsp;
<a href="index.html">Database Library</a> &nbsp;&#8250;&nbsp;
Queries
</td>
<td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="www.codeigniter.com/user_guide/" />Search User Guide&nbsp; <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" />&nbsp;<input type="submit" class="submit" name="sa" value="Go" /></form></td>
</tr>
</table>
<!-- END BREADCRUMB -->
<br clear="all" />
<!-- START CONTENT -->
<div id="content">
<h1>Queries</h1>
<h2>$this->db->query();</h2>
<p>To submit a query, use the following function:</p>
<code>$this->db->query('YOUR QUERY HERE');</code>
<p>The <dfn>query()</dfn> function returns a database result <strong>object</strong> when "read" type queries are run,
which you can use to <a href="results.html">show your results</a>. When "write" type queries are run it simply returns TRUE or FALSE
depending on success or failure. When retrieving data you will typically assign the query to your own variable, like this:</p>
<code><var>$query</var> = $this->db->query('YOUR QUERY HERE');</code>
<h2>$this->db->simple_query();</h2>
<p>This is a simplified version of the <dfn>$this->db->query()</dfn> function. It ONLY returns TRUE/FALSE on success or failure.
It DOES NOT return a database result set, nor does it set the query timer, or compile bind data, or store your query for debugging.
It simply lets you submit a query. Most users will rarely use this function.</p>
<h1>Escaping Queries</h1>
<p>It's a very good security practice to escape your data before submitting it into your database.
Code Igniter has two functions that help you do this:</p>
<ol>
</li>
<li><strong>$this->db->escape()</strong> This function determines the data type so that it
can escape only string data. It also automatically adds single quotes around the data so you don't have to:
<code>$sql = "INSERT INTO table (title) VALUES(".$this->db->escape($title).")";</code>
<li><strong>$this->db->escape_str()</strong> This function escapes the data passed to it, regardless of type.
Most of the time you'll use the above function rather then this one. Use the function like this:
<code>$sql = "INSERT INTO table (title) VALUES('".$this->db->escape_str($title)."')";</code>
</li>
</ol>
<h1>Query Bindings</h1>
<p>Bindings enable you to simplify your query syntax by letting the system put the queries together for you. Consider the following example:</p>
<code>
$sql = "SELECT * FROM some_table WHERE id = <var>?</var> AND status = <var>?</var> AND author = <var>?</var>";
<br /><br />
$this->db->query($sql, array(3, 'live', 'Rick'));
</code>
<p>The question marks in the query are automatically replaced with the values in the array in the second parameter of the query function.</p>
<p class="important">The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don't have to remember to manually escape data; the engine does it automatically for you.</p>
</div>
<!-- END CONTENT -->
<div id="footer">
<p>
Previous Topic:&nbsp;&nbsp;<a href="connecting.html">Connecting to your Database</a>
&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
<a href="#top">Top of Page</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
<a href="../index.html">User Guide Home</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
Next Topic:&nbsp;&nbsp;<a href="results.html">Query Results</a>
<p>
<p><a href="http://www.codeigniter.com">Code Igniter</a> &nbsp;&middot;&nbsp; Copyright &#169; 2006 &nbsp;&middot;&nbsp; <a href="http://www.pmachine.com">pMachine, Inc.</a></p>
</div>
</body>
</html>