When I have a SQL query built that contains parentheses in one of the search values, I do not get the result that I am expecting. However, if I run the query on my database directly I have the expected result returned.
Also, if my search does not contain parentheses it will properly return the expected result.
CodeIgniter model function:
    function get_submodels($params)
    {
        // Bound-parameter query; each fragment ends with a space so the
        // concatenated SQL keeps its clauses separated.
        $sql = "SELECT DISTINCT(`a`.`submodel`), `a`.`model_id` FROM `models` AS `a` "
            . "LEFT JOIN `manufacturers` AS `b` ON `a`.`manufacturer` = `b`.`manufacturer_id` "
            . "WHERE `a`.`year` = ? AND `b`.`manufacturer` = ? AND `a`.`model` = ? "
            . "ORDER BY `a`.`submodel` ASC;";
        // $params supplies year, manufacturer and model, in that order.
        $query = $this->db->query($sql, $params);
        return $query->result();
    }
An example of a working query:
"... WHERE `a`.`year` = '2007' AND `b`.`manufacturer` = 'CHEVROLET' AND `a`.`model` = 'MONTE CARLO'"
An example of a non-working query:
"... WHERE `a`.`year` = '2007' AND `b`.`manufacturer` = 'MERCEDES BENZ' AND `a`.`model` = 'CLK350 (W209)'"
I have used $this->db->last_query() and the query is formatted properly. Even copying the last query that has no results and running it against the database directly will get the result expected.
Despite running $this->db->last_query() and seeing the query as being proper, I decided to enable profiling on the page. My results show that the parentheses were being encoded into HTML entities.
Therefore, the query was being formed as this:
"... WHERE `a`.`year` = '2007' AND `b`.`manufacturer` = 'MERCEDES BENZ' AND `a`.`model` = 'CLK350 (W209)'"
Instead of this:
"... WHERE `a`.`year` = '2007' AND `b`.`manufacturer` = 'MERCEDES BENZ' AND `a`.`model` = 'CLK350 (W209)'"
I resolved this by modifying the insert query to use htmlentities for these columns and updated all existing records. While I knew that CodeIgniter would escape values, I was not aware that it would encode them as well.
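The mismatch described above, reproduced as an added example that is not code from the original post: a bound parameter is compared as data, so an entity-encoded search value never equals the raw value stored in the column. It assumes PHP with the PDO SQLite driver standing in for the MySQL database, a single simplified `models` table, a hypothetical helper `find_submodels()`, and a constructed encoded value (the `&#40;`/`&#41;` form is an assumption; the page does not show which entity form the profiler displayed).

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the page's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE models (model_id INTEGER PRIMARY KEY, year TEXT, model TEXT, submodel TEXT)');
$pdo->exec("INSERT INTO models (year, model, submodel) VALUES ('2007', 'CLK350 (W209)', 'Coupe')");

// Hypothetical helper: bound-parameter lookup, same shape as get_submodels().
function find_submodels(PDO $pdo, string $year, string $model): array
{
    $stmt = $pdo->prepare(
        'SELECT DISTINCT submodel, model_id FROM models '
        . 'WHERE year = ? AND model = ? ORDER BY submodel ASC'
    );
    $stmt->execute([$year, $model]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample: the search value after an input filter entity-encoded
// the parentheses. Echoed into an HTML page this string renders as
// "CLK350 (W209)", so it looks correct when viewed in a browser.
$filtered = 'CLK350 &#40;W209&#41;';

// Binding keeps the value as data, so the encoded string is compared
// byte-for-byte with the stored one and matches nothing.
$miss = find_submodels($pdo, '2007', $filtered);

// Decode at the input boundary so the bound value equals the stored value.
$raw = html_entity_decode($filtered, ENT_QUOTES | ENT_HTML5, 'UTF-8');
$hit = find_submodels($pdo, '2007', $raw);

printf("encoded: %d row(s), decoded: %d row(s)\n", count($miss), count($hit));

// HTML-encode only when writing the value into a page.
foreach ($hit as $row) {
    echo htmlspecialchars($raw . ' / ' . $row['submodel'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Logging the bound values with `var_dump()` or `bin2hex()` instead of echoing them into the page shows the encoded form directly.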