CodeIgniter User Guide Version 1.6.1
Database Library: Queries
To submit a query, use the following function:
$this->db->query('YOUR QUERY HERE');
The query() function returns a database result object when "read" type queries are run, which you can use to display your results. When "write" type queries are run, it simply returns TRUE or FALSE depending on success or failure. When retrieving data, you will typically assign the result to your own variable, like this:
$query = $this->db->query('YOUR QUERY HERE');
The simple_query() function is a simplified version of the $this->db->query() function. It ONLY returns TRUE/FALSE on success or failure. It DOES NOT return a database result set, nor does it set the query timer, compile bind data, or store your query for debugging. It simply lets you submit a query. Most users will rarely use this function.
If you have configured a database prefix and would like to prepend it to a table name manually, you can use the following:
$this->db->dbprefix('tablename');
// outputs prefix_tablename
In many databases it is advisable to protect table and field names, for example with backticks in MySQL. Active Record queries are protected automatically; however, if you need to protect an identifier manually, you can use:
$this->db->protect_identifier('table_name');
It's a very good security practice to escape your data before submitting it into your database. CodeIgniter has two functions that help you do this:
// escape() escapes string data and adds the surrounding single quotes for you
$sql = "INSERT INTO table (title) VALUES(".$this->db->escape($title).")";
// escape_str() only escapes the value; you supply the quotes yourself
$sql = "INSERT INTO table (title) VALUES('".$this->db->escape_str($title)."')";
Bindings enable you to simplify your query syntax by letting the system put the queries together for you. Consider the following example:
$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
$this->db->query($sql, array(3, 'live', 'Rick'));
The question marks in the query are automatically replaced with the values in the array in the second parameter of the query function.
The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don't have to remember to manually escape data; the engine does it automatically for you.
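The following added example, which is not CodeIgniter's own code, shows what the escaping and binding sections above achieve: it uses minimal stand-ins for escape_str(), escape() and the "?" bind compilation that query() performs, run over a constructed value that contains a single quote. Assumed: the function names escape_str, escape and compile_binds and the MySQL-style backslash escaping are illustrative choices, not the library's implementation.

```php
<?php
// Added illustration, not CodeIgniter's code: stand-ins for escape_str(),
// escape() and the '?' bind handling of query(), runnable offline.

// Escape a string for use inside single quotes (stand-in for $this->db->escape_str()).
function escape_str(string $str): string {
    // Backslash is replaced first so the escapes added afterwards are not doubled.
    // Real code should use the database driver's escaper; this set mirrors MySQL.
    return str_replace(
        ["\\", "\0", "\n", "\r", "'", '"', "\x1a"],
        ["\\\\", "\\0", "\\n", "\\r", "\\'", '\\"', "\\Z"],
        $str
    );
}

// Escape and quote according to PHP type (stand-in for $this->db->escape()).
function escape($value): string {
    if (is_string($value)) return "'" . escape_str($value) . "'";
    if (is_bool($value))   return $value ? '1' : '0';
    if (is_null($value))   return 'NULL';
    return (string) $value;
}

// Replace each '?' placeholder, left to right, with its escaped bind value
// (stand-in for the bind compilation inside $this->db->query()).
function compile_binds(string $sql, array $binds): string {
    $parts = explode('?', $sql);
    if (count($parts) - 1 !== count($binds)) {
        throw new InvalidArgumentException('placeholder/bind count mismatch');
    }
    $out = array_shift($parts);
    foreach (array_values($binds) as $i => $value) {
        $out .= escape($value) . $parts[$i];
    }
    return $out;
}

// Constructed sample input: a legitimate value containing a single quote.
$author = "O'Reilly";

// Naive concatenation yields broken SQL: the quote ends the literal early.
echo "SELECT * FROM some_table WHERE author = '$author'\n";

// Both escaping styles from the page produce a valid literal: 'O\'Reilly'.
echo "SELECT * FROM some_table WHERE author = " . escape($author) . "\n";
echo "SELECT * FROM some_table WHERE author = '" . escape_str($author) . "'\n";

// Bindings escape automatically, matching the page's three-placeholder example.
echo compile_binds("SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?",
                   [3, 'live', $author]) . "\n";
```

Note that a "?" inside a string literal in the SQL text would also be treated as a placeholder by this simple split, which is why the count check is there.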