-rw-r--r-- | user_guide_src/source/database/queries.rst | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/user_guide_src/source/database/queries.rst b/user_guide_src/source/database/queries.rst index 11dd78392..5d168c275 100644 --- a/user_guide_src/source/database/queries.rst +++ b/user_guide_src/source/database/queries.rst @@ -19,7 +19,7 @@ this:: $query = $this->db->query('YOUR QUERY HERE'); $this->db->simple_query(); -=========================== +========================== This is a simplified version of the $this->db->query() method. It DOES NOT return a database result set, nor does it set the query timer, or @@ -43,9 +43,9 @@ fetchable results. echo "Query failed!"; } -.. note:: PostgreSQL's pg_exec() function always returns a resource on - success, even for write type queries. So take that in mind if - you're looking for a boolean value. +.. note:: PostgreSQL's ``pg_exec()`` function (for example) always + returns a resource on success, even for write type queries. + So take that in mind if you're looking for a boolean value. *************************************** Working with Database prefixes manually @@ -76,6 +76,10 @@ identifier you can use:: $this->db->protect_identifiers('table_name'); +.. important:: Although the Query Builder will try its best to properly + quote any field and table names that you feed it, note that it + is NOT designed to work with arbitrary user input. DO NOT feed it + with unsanitized user data. This function will also add a table prefix to your table, assuming you have a prefix specified in your database config file. To enable the |
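Review bot: In the second hunk (@@ -43,9 +43,9 @@), the added "(for example)" does not say what ``pg_exec()`` is an example of, so a reader still cannot tell which other drivers return something other than a boolean on success. If the point is that the return value of simple_query() depends on the driver, state that first and then name ``pg_exec()`` as one case. The phrase "take that in mind" is carried over from the old text and should read "keep that in mind".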
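Review bot: In the third hunk (@@ -76,6 +76,10 @@), the four added lines of the ``.. important::`` block run straight into the unindented context line "This function will also add a table prefix ..." with no blank line between them; reStructuredText expects a blank line after a directive body, so one should be added after "with unsanitized user data." The block also sits between the protect_identifiers() example and the paragraph that begins "This function", which separates that sentence from the call it refers to, while the warning itself talks about the Query Builder; consider moving it below that paragraph or wording it for protect_identifiers(). Finally, "unsanitized" leaves open what a safe identifier looks like: it would help to say that field and table names derived from user input should be checked against a fixed list of known names before they are passed in.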