blob: 3ff8cc70f24a6c54b8617d30aea688f0e7d47446 [file] [log] [blame]
adminfb28bb82006-09-24 17:59:33 +00001<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2<html>
3<head>
4
Derek Allard404e35d2007-08-07 01:00:45 +00005<title>CodeIgniter User Guide : Queries</title>
adminfb28bb82006-09-24 17:59:33 +00006
7<style type='text/css' media='all'>@import url('../userguide.css');</style>
8<link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
9
admin17a890d2006-09-27 20:42:42 +000010<script type="text/javascript" src="../nav/nav.js"></script>
admin2296fc32006-09-27 21:07:02 +000011<script type="text/javascript" src="../nav/prototype.lite.js"></script>
admin17a890d2006-09-27 20:42:42 +000012<script type="text/javascript" src="../nav/moo.fx.js"></script>
Derek Allardb3412372007-10-25 12:15:16 +000013<script type="text/javascript" src="../nav/user_guide_menu.js"></script>
adminfb28bb82006-09-24 17:59:33 +000014
15<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
16<meta http-equiv='expires' content='-1' />
17<meta http-equiv= 'pragma' content='no-cache' />
18<meta name='robots' content='all' />
19<meta name='author' content='Rick Ellis' />
Derek Allardd2df9bc2007-04-15 17:41:17 +000020<meta name='description' content='CodeIgniter User Guide' />
adminfb28bb82006-09-24 17:59:33 +000021
22</head>
23<body>
24
25<!-- START NAVIGATION -->
26<div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div>
27<div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../images/nav_toggle.jpg" width="153" height="44" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div>
28<div id="masthead">
29<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
30<tr>
Derek Allard39b622d2008-01-16 21:10:09 +000031<td><h1>CodeIgniter User Guide Version 1.6.0</h1></td>
adminc0d5d522006-10-30 19:40:35 +000032<td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
adminfb28bb82006-09-24 17:59:33 +000033</tr>
34</table>
35</div>
36<!-- END NAVIGATION -->
37
38
39<!-- START BREADCRUMB -->
40<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
41<tr>
42<td id="breadcrumb">
Derek Allardd2df9bc2007-04-15 17:41:17 +000043<a href="http://www.codeigniter.com/">CodeIgniter Home</a> &nbsp;&#8250;&nbsp;
adminfb28bb82006-09-24 17:59:33 +000044<a href="../index.html">User Guide Home</a> &nbsp;&#8250;&nbsp;
45<a href="index.html">Database Library</a> &nbsp;&#8250;&nbsp;
46Queries
47</td>
Derek Allardbc030912007-06-24 18:25:29 +000048<td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="codeigniter.com/user_guide/" />Search User Guide&nbsp; <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" />&nbsp;<input type="submit" class="submit" name="sa" value="Go" /></form></td>
adminfb28bb82006-09-24 17:59:33 +000049</tr>
50</table>
51<!-- END BREADCRUMB -->
52
53
54
55<br clear="all" />
56
57
58<!-- START CONTENT -->
59<div id="content">
60
61
62<h1>Queries</h1>
63
64<h2>$this->db->query();</h2>
65
66<p>To submit a query, use the following function:</p>
67
68<code>$this->db->query('YOUR QUERY HERE');</code>
69
70<p>The <dfn>query()</dfn> function returns a database result <strong>object</strong> when "read" type queries are run,
71which you can use to <a href="results.html">show your results</a>. When "write" type queries are run it simply returns TRUE or FALSE
72depending on success or failure. When retrieving data you will typically assign the query to your own variable, like this:</p>
73
74<code><var>$query</var> = $this->db->query('YOUR QUERY HERE');</code>
75
76<h2>$this->db->simple_query();</h2>
77
78<p>This is a simplified version of the <dfn>$this->db->query()</dfn> function. It ONLY returns TRUE/FALSE on success or failure.
admine334c472006-10-21 19:44:22 +000079It DOES NOT return a database result set, nor does it set the query timer, or compile bind data, or store your query for debugging.
adminfb28bb82006-09-24 17:59:33 +000080It simply lets you submit a query. Most users will rarely use this function.</p>
81
82
Derek Allard39b622d2008-01-16 21:10:09 +000083<h1>Protecting identifiers</h1>
84<p>In many databases it is advisable to protect table and field names - for example with backticks in MySQL. Active Record queries are automatically protected, however if you need to manually protect an identifier you can use:</p>
85<p><code>$this-&gt;db-&gt;protect_identifier('table_name');</code></p>
admin78ce3cc2006-10-02 02:58:03 +000086<h1>Escaping Queries</h1>
admine334c472006-10-21 19:44:22 +000087<p>It's a very good security practice to escape your data before submitting it into your database.
Derek Allardd2df9bc2007-04-15 17:41:17 +000088CodeIgniter has two functions that help you do this:</p>
adminfb28bb82006-09-24 17:59:33 +000089
90<ol>
91</li>
admine334c472006-10-21 19:44:22 +000092<li><strong>$this->db->escape()</strong> This function determines the data type so that it
adminfb28bb82006-09-24 17:59:33 +000093can escape only string data. It also automatically adds single quotes around the data so you don't have to:
94
Derek Allardc6441282007-07-04 23:54:32 +000095<code>$sql = "INSERT INTO table (title) VALUES(".$this->db->escape($title).")";</code></li>
adminfb28bb82006-09-24 17:59:33 +000096
97
admine334c472006-10-21 19:44:22 +000098<li><strong>$this->db->escape_str()</strong> This function escapes the data passed to it, regardless of type.
adminfb28bb82006-09-24 17:59:33 +000099Most of the time you'll use the above function rather then this one. Use the function like this:
100
Derek Allardc6441282007-07-04 23:54:32 +0000101<code>$sql = "INSERT INTO table (title) VALUES('".$this->db->escape_str($title)."')";</code></li>
adminfb28bb82006-09-24 17:59:33 +0000102</ol>
103
104
admin78ce3cc2006-10-02 02:58:03 +0000105<h1>Query Bindings</h1>
adminfb28bb82006-09-24 17:59:33 +0000106
107
108<p>Bindings enable you to simplify your query syntax by letting the system put the queries together for you. Consider the following example:</p>
109
110<code>
111$sql = "SELECT * FROM some_table WHERE id = <var>?</var> AND status = <var>?</var> AND author = <var>?</var>";
112<br /><br />
113$this->db->query($sql, array(3, 'live', 'Rick'));
114</code>
115
116<p>The question marks in the query are automatically replaced with the values in the array in the second parameter of the query function.</p>
117<p class="important">The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don't have to remember to manually escape data; the engine does it automatically for you.</p>
118
119
120
121</div>
122<!-- END CONTENT -->
123
124
125<div id="footer">
126<p>
127Previous Topic:&nbsp;&nbsp;<a href="connecting.html">Connecting to your Database</a>
128&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
129<a href="#top">Top of Page</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
130<a href="../index.html">User Guide Home</a>&nbsp;&nbsp;&nbsp;&middot;&nbsp;&nbsp;
131Next Topic:&nbsp;&nbsp;<a href="results.html">Query Results</a>
Derek Allardc6441282007-07-04 23:54:32 +0000132</p>
Derek Allardd2df9bc2007-04-15 17:41:17 +0000133<p><a href="http://www.codeigniter.com">CodeIgniter</a> &nbsp;&middot;&nbsp; Copyright &#169; 2007 &nbsp;&middot;&nbsp; <a href="http://ellislab.com/">Ellislab, Inc.</a></p>
adminfb28bb82006-09-24 17:59:33 +0000134</div>
135
136</body>
137</html>