Best practice in writing queries in codeigniter

Question

I would like to know whats the best practice in writing a database (mysql) query in codeigniter. i have seen many different ways but was confused what would be the best practice.

Following are few methods i have gone through

Method 1

$this -> db -> select('id, username, password');
$this -> db -> from('users');
$this -> db -> where('username = ' . "'" . $username . "'");
$this -> db -> where('password = ' . "'" . MD5($password) . "'");
$this -> db -> limit(1);

Method 2

$query = $this->db->query("select * from user where username = '$uname' and password = '$pass'");

Method 3 (writing a stored procedure)

$query = "call authenticateuser(" . $this->db->escape($parameters['username']) . ", '" . sha1($parameters['password']) . "')";

There might may be many other ways, but would like to know what the best way in writing a query, therefore if anyone could advise, it would be really helpful.

Answer 1

Active records so best is method1 with little refactoring:

$this->db->select('id, username, password');
$this->db->from('users');
$this->db->where('username',$username);
$this->db->where('password', MD5($password));
$this->db->limit(1);

check your where() and mine where() :)

Active record query building is more comfortable, and readable when building queries, expecially if you need many filters where,like,order_by,join,limit writing down by hands the queries should be probably little faster, but i encourage you to use active record building.

Answer 2

i usually this to get data from database, it very easy and quick;

My model:

public function getdata($select,$table,$where,$limit,$offset,$order){

        if(isset($select) && !empty($select)){
            $this->db->select("$select");
        }
        if(isset($limit) && !empty($limit)){
            if(isset($offset) && !empty($offset)){
                $this->db->limit($limit,$offset);
            }
            else{
                $this->db->limit($limit);
            }
        }
        if(isset($where) && !empty($where)){
            foreach ($where as $key => $value) {
                $this->db->where($key,$value);
            }
        }
        if(isset($order) && !empty($order)){
            foreach ($order as $key => $value) {
                $this->db->order_by($key,$value);
            }
        }

        $query = $this->db->get("$table");
        return $query->result();
    }

My Controller:

$this->my_model->getdata('','user',array('userid' =>  1,'username' => 'my_username'),'','','');

this means:

select * from user where userid = 1 and username = 'my_username';

other example:

$this->my_model->getdata('username','user','',10,'','','');

means:

select username from user limit 10;

//my_model is model class name;

Answer 3

For me I'm using Stored Procedure although it is tedious in coding but the advantage are easy in maintenance, security and speed. Here is my example:

   function user_list($str_where, $str_order, $str_limit){

     $str_where  = $this->db->call_function('real_escape_string', $this->db->conn_id, $str_where);
    $str_order  = $this->db->call_function('real_escape_string', $this->db->conn_id, $str_order);
    $str_limit  = $this->db->call_function('real_escape_string', $this->db->conn_id, $str_limit);

$qry_res    = $this->db->query("CALL rt_sample_list('{$str_where}', '{$str_order}', '{$str_limit}');");
    $res        = $qry_res->result();

    $qry_res->next_result(); // Dump the extra resultset.
    $qry_res->free_result(); // Does what it says.

    return $res;

}

Answer 4

I use my own crud_model which is based upon CI's Active record in actual. It's better to pass $params array rather flooding functions with parameters.

In my Model:

//for JOINS etc stuff

public function get_joined_data($params){

    if (!empty($params['select'])) {
        $this->db->select($params['select']);
    }
    $this->db->from($params['from']);

    if (is_array($params['join']) || count($params['join']) > 1) {
        foreach ($params['join'] as $key => $value) {
            $join_values = explode(',', $value);
            $this->db->join($join_values[0], $join_values[1], $join_values[2]);
        }
    } else{
        $join_values = explode(',', $params['join'][0]);
        $this->db->join($join_values[0], $join_values[1], $join_values[2]);
    }

    if (!empty($params['key']) && !empty($params['where'])) {
        $this->db->where($params['key'], $params['where']);
    } else if (is_array($params['where'])) {

        $this->db->where($params['where']);
    }
    if (isset($params['like']) && is_array($params['like'])) {
        $this->db->like($params['like']);
    }
    if (isset($params['orderby']) && is_array($params['orderby'])) {
        foreach ($params['orderby'] as $name => $order) {
            $this->db->order_by($name, $order);
        }
    }
    if (isset($params['limit'])) {
        $this->db->limit($params['limit']['count'], $params['limit']['start']);
    }
    $query = $this->db->get();
    return $query->result();
}

And in Controller:

//joins()

$params = array(
    'from' => '$from',
    'join' => $join_arr,  
    'where' => $where_arr, 
    'orderby' => $orderby_arr 
    );`enter code here`
$donors_data = $this->crud_model->get_joined_data($params);