summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-10-22 22:46:38 +0200
committerAndrey Andreev <narf@devilix.net>2014-10-22 22:46:38 +0200
commitaff2fdc8c69c9257422ca325d2018a347309b0b9 (patch)
tree57c44ecdfe94d192aeb44f9e7ee93e34e50d0da4 /user_guide_src/source
parent2b2288dc1ddeb030eb43734683ab3586ac826189 (diff)
parent1db369f77a158d72fcb7fe44f84efcfe9ac2f0d7 (diff)
Merge pull request #3277 from clawoo/develop
Escape arrays sent as binding values for database queries.
Diffstat (limited to 'user_guide_src/source')
-rw-r--r--user_guide_src/source/changelog.rst1
-rw-r--r--user_guide_src/source/database/queries.rst9
2 files changed, 10 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 0e4930289..99cdf4d4e 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -173,6 +173,7 @@ Release Date: Not Released
- Added Interbase/Firebird database support via the *ibase* driver.
- Added ODBC support for ``create_database()``, ``drop_database()`` and ``drop_table()`` in :doc:`Database Forge <database/forge>`.
- Added **save_queries** configuration setting to *application/config/database.php* (defaults to ``TRUE``).
+ - Added support to binding arrays as ``IN()`` sets in ``query()``.
- :doc:`Query Builder <database/query_builder>` changes include:
diff --git a/user_guide_src/source/database/queries.rst b/user_guide_src/source/database/queries.rst
index 90f49afb1..76ff1083f 100644
--- a/user_guide_src/source/database/queries.rst
+++ b/user_guide_src/source/database/queries.rst
@@ -132,6 +132,15 @@ put the queries together for you. Consider the following example::
The question marks in the query are automatically replaced with the
values in the array in the second parameter of the query function.
+Binding also work with arrays, which will be transformed to IN sets::
+
+ $sql = "SELECT * FROM some_table WHERE id IN ? AND status = ? AND author = ?";
+ $this->db->query($sql, array(array(3, 6), 'live', 'Rick'));
+
+The resulting query will be::
+
+ SELECT * FROM some_table WHERE id IN (3,6) AND status = 'live' AND author = 'Rick'
+
The secondary benefit of using binds is that the values are
automatically escaped, producing safer queries. You don't have to
remember to manually escape data; the engine does it automatically for