2

I know codeigniter automatically escape characters to prevent possible sql injections. But how would I able to store string value in the database with double quotes on it. Is this possible? Or is there a function or condition that can ignore double quotes and still store it in the database using codeigniter active records? I have tried to store a double quoted value in the database but it fails to store the value. E.g. I want to store this value "Computer Course" in the database using the variable $course_desc but the description field in my database stores nothing.How would I able to do this? Here is my model active record code for inserting values:

Model:

public function insert_file($filename,$course_name,$course_desc,$tennant_email,$is_public,$concat_url)
{
  $data = array(
     'course_id'     => '',
     'tennant_id'    => $tennant_email,
     'display_public'=> $is_public,
     'course_name'   => $course_name,
     'course_desc'   => $course_desc,
     'private_url'   => $concat_url,
     'filename'      => $filename

              );

        $this->db->insert('courses', $data);
         return true;
  }
Improve this question
5
  • Queries with AR are automatically escaped so quotes shouldn't be a problem. If you var_dump($data) the value is enclosed by quotes? Commented Sep 24, 2013 at 14:28
  • Given your sample data this should work as is. what does $this->db->insert('courses', $data); return? Try putting this as the next line : echo $this->db->last_query(); Commented Sep 24, 2013 at 14:29
  • please post your query.If you use double quotes in description then it should work.No problem with that. Commented Sep 24, 2013 at 15:21
  • Yeah., AR automatically escaped characters. But the problem is whenever I want to save the $course_desc variable that is suppose to have a string value with double quotes on it, it wouldn't be saved. I want to save a string value for the $course_desc with double quotes around it when it is actually saved on the database in my phpmyadmin but it never been stored there. Commented Sep 24, 2013 at 15:40
  • E.g. "I want to save this string including the quotes around this in the database". Variable $course_desc is the variable assigned to store this value including the double quotes. Commented Sep 24, 2013 at 15:43

3 Answers 3

Reset to default
1

Just make the variable like this below,

$data = array( 'course_desc'   => '"'.$course_desc.'"' )

Kindly let me know whether this helps.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

If you had a problem on inserting data with double quotes("), i suggest to you to try using replace. For example:

$data = array(
     'course_id'     => '',
     'tennant_id'    => $tennant_email,
     'display_public'=> $is_public,
     'course_name'   => $course_name,
     'course_desc'   => str_replace('"','xxxxx',$course_desc)),
     'private_url'   => $concat_url,
     'filename'      => $filename

              );

        $this->db->insert('courses', $data);

and vice versa when selecting / getting on it in the database.

I hope this will help.

Improve this answer

Comments

0

You can use '\' 

$data = array(

    'course_desc'   => "\"$course_desc\""

}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.