#######
Queries
#######

$this->db->query();
===================

To submit a query, use the following function::

	$this->db->query('YOUR QUERY HERE');

The query() function returns a database result **object** when "read"
type queries are run, which you can use to :doc:`show your
results <results>`. When "write" type queries are run it simply
returns TRUE or FALSE depending on success or failure. When retrieving
data you will typically assign the query to your own variable, like
this::

	$query = $this->db->query('YOUR QUERY HERE');

$this->db->simple_query();
===========================

This is a simplified version of the $this->db->query() method. It DOES
NOT return a database result set, nor does it set the query timer, or
compile bind data, or store your query for debugging. It simply lets you
submit a query. Most users will rarely use this function.

It returns whatever the database drivers' "execute" function returns.
That typically is TRUE/FALSE on success or failure for write type queries
such as INSERT, DELETE or UPDATE statements (which is what it really
should be used for) and a resource/object on success for queries with
fetchable results.

::

	if ($this->db->simple_query('YOUR QUERY'))
	{
		echo "Success!";
	}
	else
	{
		echo "Query failed!";
	}

.. note:: PostgreSQL's pg_exec() function always returns a resource on
	success, even for write type queries. So keep that in mind if
	you're looking for a boolean value.

***************************************
Working with Database prefixes manually
***************************************

If you have configured a database prefix and would like to prepend it to
a table name for use in a native SQL query for example, then you can use
the following::

	$this->db->dbprefix('tablename'); // outputs prefix_tablename


If for any reason you would like to change the prefix programmatically
without needing to create a new connection, you can use this method::

	$this->db->set_dbprefix('newprefix');
	$this->db->dbprefix('tablename'); // outputs newprefix_tablename


**********************
Protecting identifiers
**********************

In many databases it is advisable to protect table and field names - for
example with backticks in MySQL. **Query Builder queries are
automatically protected**, however if you need to manually protect an
identifier you can use::

	$this->db->protect_identifiers('table_name');


This function will also add a table prefix to your table, assuming you
have a prefix specified in your database config file. To enable the
prefixing set TRUE (boolean) via the second parameter::

	$this->db->protect_identifiers('table_name', TRUE);


****************
Escaping Queries
****************

It's a very good security practice to escape your data before submitting
it into your database. CodeIgniter has three methods that help you do
this:

#. **$this->db->escape()** This function determines the data type so
   that it can escape only string data. It also automatically adds
   single quotes around the data so you don't have to:
   ::

	$sql = "INSERT INTO table (title) VALUES(".$this->db->escape($title).")";

#. **$this->db->escape_str()** This function escapes the data passed to
   it, regardless of type. Most of the time you'll use the above
   function rather than this one. Use the function like this:
   ::

	$sql = "INSERT INTO table (title) VALUES('".$this->db->escape_str($title)."')";

#. **$this->db->escape_like_str()** This method should be used when
   strings are to be used in LIKE conditions so that LIKE wildcards
   ('%', '\_') in the string are also properly escaped.

::

	$search = '20% raise';
	$sql = "SELECT id FROM table WHERE column LIKE '%".$this->db->escape_like_str($search)."%'";


**************
Query Bindings
**************

Bindings enable you to simplify your query syntax by letting the system
put the queries together for you. Consider the following example::

	$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
	$this->db->query($sql, array(3, 'live', 'Rick'));

The question marks in the query are automatically replaced with the
values in the array in the second parameter of the query function.

The secondary benefit of using binds is that the values are
automatically escaped, producing safer queries. You don't have to
remember to manually escape data; the engine does it automatically for
you.

***************
Handling Errors
***************

$this->db->error();
===================

If you need to get the last error that has occurred, the error() method
will return an array containing its code and message. Here's a quick
example::

	if ( ! $this->db->simple_query('SELECT `example_field` FROM `example_table`'))
	{
		$error = $this->db->error(); // Has keys 'code' and 'message'
	}

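The escaping, binding, identifier-protection and error-handling calls from this page combined in one model, as an added example (not code from the CodeIgniter project). The ``Article_model`` class, the ``articles`` table and its columns are hypothetical, and it assumes ``db_debug`` is set to FALSE so that a failed query returns FALSE.

```php
<?php
// Added example: hypothetical model; table and column names are made up.
class Article_model extends CI_Model {

	// "?" binds values only, never identifiers, so a caller-chosen sort
	// column is checked against a fixed allowlist before it is used.
	private $sortable = array('title', 'created_at');

	// UNSAFE, for comparison: the value is concatenated unescaped, so a
	// single quote inside $status changes the structure of the statement.
	public function by_status_unsafe($status)
	{
		return $this->db->query("SELECT id, title FROM articles WHERE status = '".$status."'");
	}

	// Bound values are escaped by the database layer before substitution.
	public function by_status($status, $sort = 'created_at')
	{
		if ( ! in_array($sort, $this->sortable, TRUE))
		{
			$sort = 'created_at';
		}
		$sql = 'SELECT id, title FROM '.$this->db->protect_identifiers('articles', TRUE)
			.' WHERE status = ? ORDER BY '.$this->db->protect_identifiers($sort);
		return $this->rows($this->db->query($sql, array($status)));
	}

	// escape_like_str() also escapes % and _ in the term, so a search for
	// "20% raise" matches that text instead of treating % as a wildcard.
	public function search_title($term)
	{
		$sql = 'SELECT id, title FROM '.$this->db->protect_identifiers('articles', TRUE)
			." WHERE title LIKE '%".$this->db->escape_like_str($term)."%'";
		return $this->rows($this->db->query($sql));
	}

	// Assumption: db_debug is FALSE, so a failed query() returns FALSE.
	private function rows($query)
	{
		if ($query === FALSE)
		{
			$error = $this->db->error(); // keys 'code' and 'message'
			log_message('error', 'DB error '.$error['code'].': '.$error['message']);
			return array();
		}
		return $query->result_array();
	}
}
```

Bound values receive the same escaping as escape(), which leaves ``%`` and ``_`` untouched, which is why the LIKE term is passed through escape_like_str() rather than bound.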