diff options
Diffstat (limited to 'user_guide/database/queries.html')
-rw-r--r-- | user_guide/database/queries.html | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/user_guide/database/queries.html b/user_guide/database/queries.html index c1495bb0b..83d79550b 100644 --- a/user_guide/database/queries.html +++ b/user_guide/database/queries.html @@ -95,6 +95,8 @@ $this->db->dbprefix('tablename');<br /> <p>In many databases it is advisable to protect table and field names - for example with backticks in MySQL. <strong>Active Record queries are automatically protected</strong>, however if you need to manually protect an identifier you can use:</p> <p><code>$this->db->protect_identifiers('table_name');</code></p> +<p class="important">Although Active Record will try its best to properly quote any field and table names that you feed it, note that it is NOT designed to work with arbitrary user input. DO NOT feed it with unsanitized user data.</p> + <p>This function will also add a table prefix to your table, assuming you have a prefix specified in your database config file. To enable the prefixing set <kbd>TRUE</kbd> (boolen) via the second parameter:</p> <p><code>$this->db->protect_identifiers('table_name', <kbd>TRUE</kbd>);</code></p> @@ -151,7 +153,7 @@ Previous Topic: <a href="connecting.html">Connecting to your Database <a href="../index.html">User Guide Home</a> · Next Topic: <a href="results.html">Query Results</a> </p> -<p><a href="http://codeigniter.com">CodeIgniter</a> · Copyright © 2006 - 2012 · <a href="http://ellislab.com/">EllisLab, Inc.</a></p> +<p><a href="http://codeigniter.com">CodeIgniter</a> · Copyright © 2006 - 2014 · <a href="http://ellislab.com/">EllisLab, Inc.</a></p> </div> </body> |