Query binding

Query binding is another useful security measure: when you bind values into your queries, CodeIgniter escapes them automatically, so there is no need for you to escape them manually.

Getting ready

Copy the following SQL into your database:

CREATE TABLE IF NOT EXISTS `users` (
  `user_id` int(11) NOT NULL AUTO_INCREMENT,
  `user_first_name` varchar(125) NOT NULL,
  `user_last_name` varchar(125) NOT NULL,
  `user_email` varchar(255) NOT NULL,
  `user_created_date` int(11) NOT NULL COMMENT 'unix timestamp',
  `user_is_active` varchar(3) NOT NULL COMMENT 'yes or no',
  PRIMARY KEY (`user_id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

INSERT INTO `users` (`user_first_name`, `user_last_name`, `user_email`, `user_created_date`, `user_is_active`) VALUES
('Chloe', 'Graves', '[email protected]', 1366114115, 'yes'),
('Mark', 'Brookes', '[email protected]', 1366114115, 'yes');

How to do it...

In any of your models, adapt your query code to reflect the following:

$query = "SELECT * FROM users WHERE users.user_is_active = ? AND users.user_created_date > ?";
$data = array('yes', 1366114114);
$this->db->query($query, $data);

How it works

Using a table called users as an example, the query will try to fetch all records where users.is_active equals Y and users.created_date is greater than 1359706809 (02/01/2013 – 03:20). You'll notice that there are two question marks in the query; each question mark is a placeholder for one item in the $data array. The values in the $data array are passed, in order, into the query by the line $this->db->query($query, $data);. So the first question mark in the query is replaced with the first item in the array, the second question mark with the second item, and so on. The number of items in $data must therefore match the number of question marks in the query.
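The following is an added example, not code from the recipe or from CodeIgniter itself. It wraps the bound query in a model method and, for comparison, shows the manual alternative using $this->db->escape(), which binding makes unnecessary. It assumes the users table from "Getting ready", a CodeIgniter 2.x/3.x install with the database library loaded, and the hypothetical class and method names User_model, get_active_since() and get_active_since_manual_escape().

```php
<?php
// Added example (not from the original recipe): a CodeIgniter model that fetches
// active users created after a given Unix timestamp using query binding.
// Assumes the `users` table from "Getting ready" and CodeIgniter's database library.
class User_model extends CI_Model
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
    }

    // Bound query: each ? is replaced, in order, by the matching item of $data,
    // and CodeIgniter escapes every value before it reaches the database.
    // A value such as "O'Brien" or one containing a quote is inserted safely.
    public function get_active_since($is_active, $created_after)
    {
        $sql  = "SELECT * FROM users WHERE user_is_active = ? AND user_created_date > ?";
        $data = array($is_active, (int) $created_after); // two items for two placeholders

        $query = $this->db->query($sql, $data);

        // $this->db->last_query() shows the SQL with the escaped values substituted,
        // which is a convenient way to confirm the binding did what you expect.
        return $query->result();
    }

    // Same query without binding: every value that comes from outside the
    // application must then be escaped by hand. $this->db->escape() adds the
    // surrounding quotes for strings. Forgetting a single escape() call is
    // exactly the mistake binding prevents, so the bound version is preferred.
    public function get_active_since_manual_escape($is_active, $created_after)
    {
        $sql = "SELECT * FROM users WHERE user_is_active = "
             . $this->db->escape($is_active)
             . " AND user_created_date > "
             . $this->db->escape((int) $created_after);

        return $this->db->query($sql)->result();
    }
}
```

Calling $this->user_model->get_active_since('yes', 1366114114) from a controller returns the two users inserted in "Getting ready"; passing a value with a quote in place of 'yes' simply matches no rows instead of altering the query.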
