blob: b69f2260ee79fcf1d60fcaefb25f0572ea0c0e64 [file] [log] [blame]
Derek Allard2067d1a2008-11-13 22:59:24 +00001<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
3<head>
4
5<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
6<title>Queries : CodeIgniter User Guide</title>
7
8<style type='text/css' media='all'>@import url('../userguide.css');</style>
9<link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
10
11<script type="text/javascript" src="../nav/nav.js"></script>
12<script type="text/javascript" src="../nav/prototype.lite.js"></script>
13<script type="text/javascript" src="../nav/moo.fx.js"></script>
14<script type="text/javascript" src="../nav/user_guide_menu.js"></script>
15
16<meta http-equiv='expires' content='-1' />
17<meta http-equiv= 'pragma' content='no-cache' />
18<meta name='robots' content='all' />
19<meta name='author' content='ExpressionEngine Dev Team' />
20<meta name='description' content='CodeIgniter User Guide' />
21
22</head>
23<body>
24
25<!-- START NAVIGATION -->
26<div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div>
27<div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../images/nav_toggle_darker.jpg" width="154" height="43" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div>
28<div id="masthead">
29<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
30<tr>
Phil Sturgeon0e3263b2011-03-10 16:37:35 +000031<td><h1>CodeIgniter User Guide Version 2.0.1</h1></td>
Derek Allard2067d1a2008-11-13 22:59:24 +000032<td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
33</tr>
34</table>
35</div>
36<!-- END NAVIGATION -->
37
38
39<!-- START BREADCRUMB -->
40<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
41<tr>
42<td id="breadcrumb">
43<a href="http://codeigniter.com/">CodeIgniter Home</a> &nbsp;&#8250;&nbsp;
44<a href="../index.html">User Guide Home</a> &nbsp;&#8250;&nbsp;
45<a href="index.html">Database Library</a> &nbsp;&#8250;&nbsp;
46Queries
47</td>
48<td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="codeigniter.com/user_guide/" />Search User Guide&nbsp; <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" />&nbsp;<input type="submit" class="submit" name="sa" value="Go" /></form></td>
49</tr>
50</table>
51<!-- END BREADCRUMB -->
52
53
54
55<br clear="all" />
56
57
58<!-- START CONTENT -->
59<div id="content">
60
61
62<h1>Queries</h1>
63
64<h2>$this->db->query();</h2>
65
66<p>To submit a query, use the following function:</p>
67
68<code>$this->db->query('YOUR QUERY HERE');</code>
69
70<p>The <dfn>query()</dfn> function returns a database result <strong>object</strong> when "read" type queries are run,
71which you can use to <a href="results.html">show your results</a>. When "write" type queries are run it simply returns TRUE or FALSE
72depending on success or failure. When retrieving data you will typically assign the query to your own variable, like this:</p>
73
74<code><var>$query</var> = $this->db->query('YOUR QUERY HERE');</code>
75
76<h2>$this->db->simple_query();</h2>
77
78<p>This is a simplified version of the <dfn>$this->db->query()</dfn> function. It ONLY returns TRUE/FALSE on success or failure.
79It DOES NOT return a database result set, nor does it set the query timer, or compile bind data, or store your query for debugging.
80It simply lets you submit a query. Most users will rarely use this function.</p>
81
82
83<h1>Adding Database prefixes manually</h1>
84<p>If you have configured a database prefix and would like to add it in manually for, you can use the following.</p>
85<p><code>$this-&gt;db-&gt;dbprefix('tablename');<br />
86// outputs prefix_tablename</code></p>
87
88
89<h1>Protecting identifiers</h1>
90<p>In many databases it is advisable to protect table and field names - for example with backticks in MySQL. <strong>Active Record queries are automatically protected</strong>, however if you need to manually protect an identifier you can use:</p>
91<p><code>$this-&gt;db-&gt;protect_identifiers('table_name');</code></p>
92
93<p>This function will also add a table prefix to your table, assuming you have a prefix specified in your database config file. To enable the prefixing set <kbd>TRUE</kbd> (boolen) via the second parameter:</p>
94<p><code>$this-&gt;db-&gt;protect_identifiers('table_name', <kbd>TRUE</kbd>);</code></p>
95
96
97<h1>Escaping Queries</h1>
98<p>It's a very good security practice to escape your data before submitting it into your database.
Derek Jonese4ed5832009-02-20 21:44:59 +000099CodeIgniter has three methods that help you do this:</p>
Derek Allard2067d1a2008-11-13 22:59:24 +0000100
101<ol>
102<li><strong>$this->db->escape()</strong> This function determines the data type so that it
103can escape only string data. It also automatically adds single quotes around the data so you don't have to:
104
105<code>$sql = "INSERT INTO table (title) VALUES(".$this->db->escape($title).")";</code></li>
106
107<li><strong>$this->db->escape_str()</strong> This function escapes the data passed to it, regardless of type.
108Most of the time you'll use the above function rather than this one. Use the function like this:
109
110<code>$sql = "INSERT INTO table (title) VALUES('".$this->db->escape_str($title)."')";</code></li>
Derek Jonese4ed5832009-02-20 21:44:59 +0000111
112<li><strong>$this->db->escape_like_str()</strong> This method should be used when strings are to be used in LIKE
113conditions so that LIKE wildcards ('%', '_') in the string are also properly escaped.
114
115<code>$search = '20% raise';<br />
Derek Allardf597dd12010-07-05 07:43:46 -0400116$sql = "SELECT id FROM table WHERE column LIKE '%".$this->db->escape_like_str($search)."%'";</code></li>
Derek Jonese4ed5832009-02-20 21:44:59 +0000117
Derek Allard2067d1a2008-11-13 22:59:24 +0000118</ol>
119
120
121<h1>Query Bindings</h1>
122
123
124<p>Bindings enable you to simplify your query syntax by letting the system put the queries together for you. Consider the following example:</p>
125
126<code>
127$sql = "SELECT * FROM some_table WHERE id = <var>?</var> AND status = <var>?</var> AND author = <var>?</var>";
128<br /><br />
129$this->db->query($sql, array(3, 'live', 'Rick'));
130</code>
131
132<p>The question marks in the query are automatically replaced with the values in the array in the second parameter of the query function.</p>
133<p class="important">The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don't have to remember to manually escape data; the engine does it automatically for you.</p>
134
Barry Mienydd671972010-10-04 16:33:58 +0200135
Derek Allard2067d1a2008-11-13 22:59:24 +0000136
137</div>
138<!-- END CONTENT -->
139
140
141<div id="footer">
142<p>
143Previous Topic:&nbsp;&nbsp;<a href="connecting.html">Connecting to your Database</a>
144&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
145<a href="#top">Top of Page</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
146<a href="../index.html">User Guide Home</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
147Next Topic:&nbsp;&nbsp;<a href="results.html">Query Results</a>
148</p>
Derek Jones898949f2011-01-28 07:42:16 -0600149<p><a href="http://codeigniter.com">CodeIgniter</a> &nbsp;&middot;&nbsp; Copyright &#169; 2006 - 2011 &nbsp;&middot;&nbsp; <a href="http://ellislab.com/">EllisLab, Inc.</a></p>
Derek Allard2067d1a2008-11-13 22:59:24 +0000150</div>
151
152</body>
adminfb28bb82006-09-24 17:59:33 +0000153</html>