From 12abaeb8f1771beb5858bf071d8fd576b5eb2c9b Mon Sep 17 00:00:00 2001
From: Rick Ellis
Date: Fri, 17 Oct 2008 04:08:03 +0000
Subject:
---
user_guide/changelog.html | 1 +
user_guide/database/queries.html | 9 ++++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index e12e343bc..164bf8a1f 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -71,6 +71,7 @@ SVN Revision: XXXX
Added the ability to assign library objects to your own variable names when you use $this->load->library(). Please see the Loader class for more info.
Added controller class/method info to Profiler class.
Improved the "auto typography" feature and moved it out of the helper into its own Typography Class.
+ Improved Active Record class to allow full path column and table names: hostname.database.table.column
Added max_filename option to set a file name length limit in the File Upload Class.
Added set_status_header() function to Output class.
Changed the output of the profiler to use style attribute rather than clear, and added the id "codeigniter_profiler" to the container div.
diff --git a/user_guide/database/queries.html b/user_guide/database/queries.html
index 1411e65db..35f2da786 100644
--- a/user_guide/database/queries.html
+++ b/user_guide/database/queries.html
@@ -84,9 +84,16 @@ It simply lets you submit a query. Most users will rarely use this function.
If you have configured a database prefix and would like to add it in manually for, you can use the following.
$this->db->dbprefix('tablename');
// outputs prefix_tablename
+
+
Protecting identifiers
-In many databases it is advisable to protect table and field names - for example with backticks in MySQL. Active Record queries are automatically protected, however if you need to manually protect an identifier you can use:
+In many databases it is advisable to protect table and field names - for example with backticks in MySQL. Active Record queries are automatically protected, however if you need to manually protect an identifier you can use:
$this->db->protect_identifiers('table_name');
+
+This function will also add a table prefix to your table, assuming you have a prefix specified in your database config file. To enable the prefixing set TRUE (boolen) via the second parameter:
+$this->db->protect_identifiers('table_name', TRUE);
+
+
Escaping Queries
It's a very good security practice to escape your data before submitting it into your database.
CodeIgniter has two functions that help you do this:
--
cgit v1.2.3-24-g4f1b