Blame - user_guide/libraries/database/queries.html - code-igniter-v3-giggi

blob: bfba04700e1c8c13ab0d432390faa84498f5538d [file] [log] [blame]

admin	b0dd10f	2006-08-25 17:25:49 +0000	[diff] [blame]	1	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
				2	<html>
				3	<head>
				4
				5	<title>Code Igniter User Guide</title>
				6
				7	<style type='text/css' media='all'>@import url('../../userguide.css');</style>
				8	<link rel='stylesheet' type='text/css' media='all' href='../../userguide.css' />
				9
				10	<script type="text/javascript" src="../../scripts/nav.js"></script>
				11	<script type="text/javascript" src="../../scripts/prototype.lite.js"></script>
				12	<script type="text/javascript" src="../../scripts/moo.fx.js"></script>
				13	<script type="text/javascript">
				14	window.onload = function() {
				15	myHeight = new fx.Height('nav', {duration: 400});
				16	myHeight.hide();
				17	}
				18	</script>
				19
				20	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
				21	<meta http-equiv='expires' content='-1' />
				22	<meta http-equiv= 'pragma' content='no-cache' />
				23	<meta name='robots' content='all' />
				24	<meta name='author' content='Rick Ellis' />
				25	<meta name='description' content='Code Igniter User Guide' />
				26
				27	</head>
				28	<body>
				29
				30	<!-- START NAVIGATION -->
				31	<div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../../');</script></div></div>
				32	<div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../../images/nav_toggle.jpg" width="153" height="44" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div>
				33	<div id="masthead">
				34	<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
				35	<tr>
admin	9fc347d	2006-09-21 00:00:28 +0000	[diff] [blame]	36	<td><h1>Code Igniter User Guide Version 1.4.1</h1></td>
admin	b0dd10f	2006-08-25 17:25:49 +0000	[diff] [blame]	37	<td id="breadcrumb_right"><a href="../../toc.html">Full Table of Contents</a></td>
				38	</tr>
				39	</table>
				40	</div>
				41	<!-- END NAVIGATION -->
				42
				43
				44	<!-- START BREADCRUMB -->
				45	<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
				46	<tr>
				47	<td id="breadcrumb">
				48	<a href="http://www.codeigniter.com/">Code Igniter Home</a>  ›
				49	<a href="../../index.html">User Guide Home</a>  ›
				50	<a href="index.html">Database Library</a>  ›
				51	Queries
				52	</td>
				53	<td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="www.codeigniter.com/user_guide/" />Search User Guide  <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" /> <input type="submit" class="submit" name="sa" value="Go" /></form></td>
				54	</tr>
				55	</table>
				56	<!-- END BREADCRUMB -->
				57
				58
				59
				60	<br clear="all" />
				61
				62
				63	<!-- START CONTENT -->
				64	<div id="content">
				65
				66
				67	<h1>Queries</h1>
				68
				69	<p>To submit a query, use the following function:</p>
				70
				71	<code>$this->db->query('YOUR QUERY HERE');</code>
				72
				73	<p>The <dfn>query()</dfn> function returns a database result <strong>object</strong>
				74	which you can use to <a href="results.html">show your results</a>. You will typically assign the query to your own variable, like this:</p>
				75
				76	<code><var>$query</var> = $this->db->query('YOUR QUERY HERE');</code>
				77
				78
				79	<h2>Escaping Queries</h2>
				80
				81	<p>It's a very good security practice to escape your data before sumbiting it into your database.
				82	Code Igniter has two functions that help you do this:</p>
				83
				84	<ol>
				85	</li>
				86	<li><strong>$this->db->escape()</strong> This function determines the data type so that it
				87	can escape only string data. It also automatically adds single quotes around the data so you don't have to:
				88
				89	<code>$sql = "INSERT INTO table (title) VALUES(".$this->db->escape($title).")";</code>
				90
				91
				92	<li><strong>$this->db->escape_str()</strong> This function escapes the data passed to it, regardless of type.
				93	Most of the time you'll use the above function rather then this one. Use the function like this:
				94
				95	<code>$sql = "INSERT INTO table (title) VALUES('".$this->db->escape_str($title)."')";</code>
				96
				97
				98	</li>
				99	</ol>
				100
				101
				102
				103	<h1><br />Query Bindings</h1>
				104
				105
				106	<p>Bindings enable you to simplify your query syntax by letting the system put the queries together for you. Consider the following example:</p>
				107
				108	<code>
				109	$sql = "SELECT * FROM some_table WHERE id = <var>?</var> AND status = <var>?</var> AND author = <var>?</var>";
				110	<br /><br />
				111	$this->db->query($sql, array(3, 'live', 'Rick'));
				112	</code>
				113
				114	<p>The question marks in the query are automatically replaced with the values in the array in the second parameter of the query function.</p>
				115	<p class="important">The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don't have to remember to manually escape data; the engine does it automatically for you.</p>
				116
				117
				118
				119	<h1><br />Query Helper Functions</h1>
				120
				121
				122	<h2>$this->db->last_query();</h2>
				123
				124	<p>Returns the last query that was run (the query string, not the result). Example:</p>
				125
				126	<code>$str = $this->db->last_query();<br />
				127	<br />
				128	// Produces: SELECT * FROM sometable....
				129	</code>
				130
				131
				132	<p>The following two functions help simplify the process of writing database INSERTs and UPDATEs.</p>
				133
				134
				135	<h2>$this->db->insert_string(); </h2>
				136	<p>This function simplifies the process of writing database inserts. It returns a correctly formatted SQL insert string. Example:</p>
				137
				138	<code>$data = array('name' => $name, 'email' => $email, 'url' => $url);<br />
				139	<br />
				140	$str = $this->db->insert_string('table_name', $data);
				141	</code>
				142
				143	<p>The first parameter is the table name, the second is an associative array with the data to be inserted. The above example produces:</p>
				144	<code>INSERT INTO table_name (name, email, url) VALUES ('Rick', 'rick@your-site.com', 'www.your-site.com')</code>
				145
				146
				147
				148	<h2>$this->db->update_string(); </h2>
				149	<p>This function simplifies the process of writing database updates. It returns a correctly formatted SQL update string. Example:</p>
				150
				151	<code>$data = array('name' => $name, 'email' => $email, 'url' => $url);<br />
				152	<br />
				153	$where = "author_id = 1 AND status = 'active'";
				154	<br /><br />
				155	$str = $this->db->update_string('table_name', $data, $where);
				156	</code>
				157
				158	<p>The first parameter is the table name, the second is an associative array with the data to be inserted, and the third parameter is the "where" clause. The above example produces:</p>
				159	<code> UPDATE exp_weblog SET name = 'Rick', email = 'rick@your-site.com', url = 'www.your-site.com' WHERE author_id = 1 AND status = 'active'</code>
				160
				161
				162
				163
				164	</div>
				165	<!-- END CONTENT -->
				166
				167
				168	<div id="footer">
				169	<p>
				170	Previous Topic:  <a href="connecting.html">Connecting to your Database</a>
				171	·
				172	<a href="#top">Top of Page</a>   ·
				173	<a href="../../index.html">User Guide Home</a>   ·
				174	Next Topic:  <a href="results.html">Query Results</a>
				175	<p>
				176	<p><a href="http://www.codeigniter.com">Code Igniter</a>  ·  Copyright © 2006  ·  <a href="http://www.pmachine.com">pMachine, Inc.</a></p>
				177	</div>
				178
				179	</body>
				180	</html>