I use CodeIgniter, and most of the time I use Active Record for my queries (which escapes them automatically), but this query does not seem to fit neatly into it because of the variable. So I need to figure out how to escape the query manually.
The CodeIgniter docs suggest escaping queries this way:
$sql = "INSERT INTO table (title) VALUES(".$this->db->escape($title).")";
My initial query:
$sql = "SELECT * FROM (`user_language`) WHERE `user_id` = '{$id}'";
My escaped query:
$sql = "SELECT * FROM (`user_language`) WHERE `user_id` = '{$id}' VALUES(".$this->db->escape($user_language).")";
But it's hard for me to get the syntax right. Error messages:
- PHP error message: Undefined variable: user_language
- SQL error: syntax is incorrect ... near 'VALUES (NULL)' on line 1
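The two ways of escaping the `user_id` value in the SELECT above, shown next to the unescaped form, as an added example that is not part of the original post. The model class and method names are hypothetical; it assumes a CodeIgniter application with the database library loaded, and uses only `$this->db->escape()` and query bindings.

```php
<?php
// Added example (not from the original post). Hypothetical model name;
// assumes CodeIgniter with the database library loaded as $this->db.
class User_language_model extends CI_Model
{
    // Before: $id is interpolated into the SQL string with no escaping,
    // so its content is parsed as part of the statement.
    public function get_unescaped($id)
    {
        $sql = "SELECT * FROM `user_language` WHERE `user_id` = '{$id}'";
        return $this->db->query($sql)->result_array();
    }

    // escape() is applied to the value that appears in the WHERE clause.
    // It adds the surrounding single quotes for string data itself, so the
    // literal quotes around the placeholder are dropped. VALUES(...) belongs
    // to INSERT statements only and has no place in a SELECT.
    public function get_escaped($id)
    {
        $sql = "SELECT * FROM `user_language` WHERE `user_id` = "
             . $this->db->escape($id);
        return $this->db->query($sql)->result_array();
    }

    // Query bindings: each ? is replaced by the matching array element,
    // which CodeIgniter escapes before the query is sent.
    public function get_bound($id)
    {
        $sql = "SELECT * FROM `user_language` WHERE `user_id` = ?";
        return $this->db->query($sql, array($id))->result_array();
    }
}
```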