From 12abaeb8f1771beb5858bf071d8fd576b5eb2c9b Mon Sep 17 00:00:00 2001 From: Rick Ellis Date: Fri, 17 Oct 2008 04:08:03 +0000 Subject: --- user_guide/changelog.html | 1 + user_guide/database/queries.html | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/user_guide/changelog.html b/user_guide/changelog.html index e12e343bc..164bf8a1f 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -71,6 +71,7 @@ SVN Revision: XXXX

  • Added the ability to assign library objects to your own variable names when you use $this->load->library(). Please see the Loader class for more info.
  • Added controller class/method info to Profiler class.
  • Improved the "auto typography" feature and moved it out of the helper into its own Typography Class.
    • +
  • Improved Active Record class to allow full path column and table names: hostname.database.table.column
  • Added max_filename option to set a file name length limit in the File Upload Class.
  • Added set_status_header() function to Output class.
  • Changed the output of the profiler to use style attribute rather than clear, and added the id "codeigniter_profiler" to the container div.
    • diff --git a/user_guide/database/queries.html b/user_guide/database/queries.html index 1411e65db..35f2da786 100644 --- a/user_guide/database/queries.html +++ b/user_guide/database/queries.html @@ -84,9 +84,16 @@ It simply lets you submit a query. Most users will rarely use this function.

    If you have configured a database prefix and would like to add it in manually for, you can use the following.

    $this->db->dbprefix('tablename');
    // outputs prefix_tablename

    + +

    Protecting identifiers

    -

    In many databases it is advisable to protect table and field names - for example with backticks in MySQL. Active Record queries are automatically protected, however if you need to manually protect an identifier you can use:

    +

    In many databases it is advisable to protect table and field names - for example with backticks in MySQL. Active Record queries are automatically protected, however if you need to manually protect an identifier you can use:

    $this->db->protect_identifiers('table_name');

    + +

    This function will also add a table prefix to your table, assuming you have a prefix specified in your database config file. To enable the prefixing set TRUE (boolen) via the second parameter:

    +

    $this->db->protect_identifiers('table_name', TRUE);

    + +

    Escaping Queries

    It's a very good security practice to escape your data before submitting it into your database. CodeIgniter has two functions that help you do this:

    -- cgit v1.2.3-24-g4f1b