From 12abaeb8f1771beb5858bf071d8fd576b5eb2c9b Mon Sep 17 00:00:00 2001 From: Rick Ellis Date: Fri, 17 Oct 2008 04:08:03 +0000 Subject: --- user_guide/database/queries.html | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'user_guide/database') diff --git a/user_guide/database/queries.html b/user_guide/database/queries.html index 1411e65db..35f2da786 100644 --- a/user_guide/database/queries.html +++ b/user_guide/database/queries.html @@ -84,9 +84,16 @@ It simply lets you submit a query. Most users will rarely use this function.

If you have configured a database prefix and would like to add it in manually for, you can use the following.

$this->db->dbprefix('tablename');
// outputs prefix_tablename

+ +

Protecting identifiers

-

In many databases it is advisable to protect table and field names - for example with backticks in MySQL. Active Record queries are automatically protected, however if you need to manually protect an identifier you can use:

+

In many databases it is advisable to protect table and field names - for example with backticks in MySQL. Active Record queries are automatically protected, however if you need to manually protect an identifier you can use:

$this->db->protect_identifiers('table_name');

+ +

This function will also add a table prefix to your table, assuming you have a prefix specified in your database config file. To enable the prefixing set TRUE (boolen) via the second parameter:

+

$this->db->protect_identifiers('table_name', TRUE);

+ +

Escaping Queries

It's a very good security practice to escape your data before submitting it into your database. CodeIgniter has two functions that help you do this:

-- cgit v1.2.3-24-g4f1b