Weird backticks behaviour in Active Record in CodeIgniter 2.0.3

迷失自我 2020-12-29 06:08

Previously all my queries were running fine in CI version 2.0, but when I upgraded to 2.0.3 some of my SELECT queries were broken.

CI is adding

9 Answers
  • 2020-12-29 06:15

    All other answers are really old, this one works with CI 2.1.4

    // set this to false so that _protect_identifiers skips escaping:
    $this->db->_protect_identifiers = FALSE;
    
    // your order_by line:
    $this->db->order_by('FIELD ( products.country_id, 2, 0, 1 )');
    
    // important to set this back to TRUE or ALL of your queries from now on will be non-escaped:
    $this->db->_protect_identifiers = TRUE;
    
  • 2020-12-29 06:20

    Here's a trick that worked for me. Replace this line

    $this->db->join($this->_table_device, $fieldname1. " = ".  $fieldname2, 'LEFT');
    

    with this:

    $this->db->join($this->_table_device, $fieldname1. " IN(".  $fieldname2 .")", 'LEFT');
    

    This will prevent CI from escaping your field. It's not ideal but it's better than the alternatives.

  • 2020-12-29 06:22

    I just read a simple solution for this...

    I changed the value of var $_escape_char (system/database/drivers/mysql/mysql_driver.php, line 36).

    It was

    var $_escape_char = '`';
    

    Changed to

    var $_escape_char = ' ';
    

    and now it works... But I am afraid I may have created security issues.

    Thanks

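For the flag-toggling answer and the security worry in the `$_escape_char` answer above, an added example (not written by any of the posters and not CodeIgniter code): with identifier protection off, the raw fragment reaches MySQL exactly as written, so it is built only from an allowlisted column and validated integers, and the flag is restored in a `finally`. The function names and `SORTABLE_COLUMNS` are assumptions; `finally` needs PHP 5.5+ and the array constant PHP 5.6+.

```php
<?php
// Added example. Function names and the allowlist below are hypothetical.
const SORTABLE_COLUMNS = ['products.country_id', 'products.id']; // constructed sample

// Build "FIELD(col, v1, v2, ...)" from an allowlisted column and integer values only.
function build_field_order($column, array $values)
{
    if (!in_array($column, SORTABLE_COLUMNS, true)) {
        throw new InvalidArgumentException("Column not allowlisted: $column");
    }
    if ($values === []) {
        throw new InvalidArgumentException('FIELD() needs at least one value');
    }
    $ints = [];
    foreach ($values as $v) {
        // Reject anything that is not a plain integer instead of silently casting it.
        if (filter_var($v, FILTER_VALIDATE_INT) === false) {
            throw new InvalidArgumentException('Non-integer value in FIELD() list');
        }
        $ints[] = (int) $v;
    }
    return 'FIELD(' . $column . ', ' . implode(', ', $ints) . ')';
}

// Switch protection off for one order_by() call and always restore the old value.
function order_by_unprotected($db, $fragment)
{
    $previous = $db->_protect_identifiers;
    $db->_protect_identifiers = FALSE;
    try {
        $db->order_by($fragment);
    } finally {
        $db->_protect_identifiers = $previous;
    }
}

// Demo on constructed input (runs without a database):
echo build_field_order('products.country_id', [2, 0, 1]), "\n";
try {
    build_field_order('products.country_id', ['1; --']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In a model this would be called as `order_by_unprotected($this->db, build_field_order('products.country_id', $ids));`, so a failed query build cannot leave escaping disabled for later queries.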
  • 2020-12-29 06:25

    Use this line before your query:

    $this->db->_protect_identifiers=false;
    

    This will stop adding backticks to the built query.

  • 2020-12-29 06:27

    CI will only protect your ACTIVE RECORD calls, so if you are running $this->db->query(); you will be fine, and based on the notes you should be safe with AD calls like so to disable backticks (not sure why you say they don't work, but I don't see your full code, so I can't be sure)

    $this->db->select('(SELECT SUM(payments.amount) FROM payments WHERE payments.invoice_id=4) AS amount_paid', FALSE);
    $query = $this->db->get('mytable');
    

    Make sure FALSE is without single quotes (makes it a string), and it might not validate (not tested by me).

  • 2020-12-29 06:30
    class Company_model extends MY_Model
    {
    
    ----------------
    
    $this->db->select(" count('$fieldname') as num_stations",false);
    $this->db->select(" CONCAT_WS(',', clb_company.address1, clb_company.address2, clb_company.city, clb_company.state, clb_company.zipcode ) as companyAddress",false);
    $this->db->from($this->_table);
    $this->db->join($this->_table_device, $fieldname1. " = ".  $fieldname2, 'LEFT');
    $this->db->where($blablafield , '0');
    ----------------
    

    The false you were talking about is what is needed, can you try the code above and copy and paste to us the output of

    echo $this->db->last_query();
    

    This will show us what the DB class is creating exactly and we can see what's working / what isn't. It may be something else (you haven't given the error that is generated; sometimes SQL errors can be misleading).

    From the docs:

    $this->db->select() accepts an optional second parameter. If you set it to FALSE, CodeIgniter will not try to protect your field or table names with backticks. This is useful if you need a compound select statement.
