Active Record: Should this be happening?
Posted: 22 February 2007 10:32 AM
Grad Student
Total Posts: 63
Joined 03-08-2006

Hi everyone,

I’ve never come across this before, so I’m wondering if this is normal behaviour, or if I have done something wrong.

I have a function in a model like this:

function MyFunction($id)
{
    $this->db->where('primaryID', $id);
    $query = $this->db->get('MyTable');
    return $query->result();
}

If an $id is not sent to the function (I know this shouldn’t happen but…) the query runs like this:

SELECT * FROM MyTable WHERE primaryID

This returns all the data from MyTable, which is very bad.

Should the Active Record class not automatically shield queries like this?

Thanks,
Nick.

Posted: 22 February 2007 10:53 AM   [ # 1 ]
Lab Assistant
Total Posts: 248
Joined 02-10-2007

This seems like a logically derived query to me. What SQL would you expect active record to generate instead? Just supplying some id to match that field only may lead to unexpected/untransparent results.

In my opinion you should fix your code so that $id is always initialized. This can be done very simply by adding a default value to the function’s parameter, for example.

function MyFunction($id = 0) { // ...

Even better would be to filter $id inside the function before continuing.

function MyFunction($id = 0) {
  $id = (int) abs($id);
  // ...
 Signature 

Kohana rocks!

Posted: 22 February 2007 11:18 AM   [ # 2 ]
Lab Assistant
Total Posts: 173
Joined 11-29-2006

Yes, this is normal. One of the ways to create the WHERE portion of the query is to simply pass in a custom string. So in your example, when $id is absent, it thinks the ‘primaryID’ string is actually something like ‘primaryID = 4’.

Selecting Records

Posted: 22 February 2007 12:56 PM   [ # 3 ]
Summer Student
Total Posts: 20
Joined 02-07-2007

Your function should look something like the following:

function MyFunction($id)
{
    if (!empty($id)) {
        $id = (int) $id; // And some other filtering as well
        $this->db->where('primaryID', $id);
        $query = $this->db->get('MyTable');
        return $query->result();
    } else {
        // error: where's the number!
    }
}

Always check to make sure what you are getting is what you expect.

Port

 Signature 

“And I don’t want the world to see me | ‘Cause I don’t think that they’d understand
When everything’s meant to be broken | I just want you to know who I am”
                              —Goo Goo Dolls
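The three replies converge on the same fix: validate $id before it ever reaches where(), so a missing id fails closed instead of producing the bare `WHERE primaryID` clause from the first post. The following is an added example written for this thread; it is not code from any of the posters or from CodeIgniter. FakeDb, MyModel, unsafeLookup and safeLookup are hypothetical names. FakeDb is a constructed stand-in for $this->db that reproduces only the behaviour reply #2 describes (a null value leaves the bare key in the clause) and returns the SQL text rather than rows, so the example runs offline without a database.

```php
<?php
// Added example for this thread (not code from any poster, nor from CodeIgniter).
// FakeDb is a constructed stand-in for $this->db that mimics only the behaviour
// reply #2 describes: where($key, null) appends the bare key to the clause.
class FakeDb
{
    private $where = array();

    public function where($key, $value = null)
    {
        if ($value === null) {
            // Stand-in behaviour: a missing value leaves "primaryID" on its own,
            // which the database then evaluates as a boolean, matching every
            // row whose primaryID is non-zero.
            $this->where[] = $key;
        } else {
            $this->where[] = $key . ' = ' . (is_int($value) ? $value : "'" . addslashes($value) . "'");
        }
        return $this;
    }

    // Returns the SQL text instead of rows so the example runs offline.
    public function get($table)
    {
        $sql = 'SELECT * FROM ' . $table;
        if (count($this->where) > 0) {
            $sql .= ' WHERE ' . implode(' AND ', $this->where);
        }
        $this->where = array();
        return $sql;
    }
}

class MyModel
{
    private $db;

    public function __construct($db)
    {
        $this->db = $db;
    }

    // Shape of the original MyFunction: $id goes straight into where().
    public function unsafeLookup($id)
    {
        $this->db->where('primaryID', $id);
        return $this->db->get('MyTable');
    }

    // Hardened version: fail closed unless $id is a positive integer.
    public function safeLookup($id)
    {
        // Accept an int or a string of digits only; reject null, '', arrays,
        // '12abc', floats and negatives (ctype_digit needs a string operand).
        $looksNumeric = is_int($id) || (is_string($id) && ctype_digit($id));
        if (!$looksNumeric || (int) $id < 1) {
            throw new InvalidArgumentException('primaryID must be a positive integer');
        }
        $this->db->where('primaryID', (int) $id);
        return $this->db->get('MyTable');
    }
}

$model = new MyModel(new FakeDb());

echo $model->unsafeLookup(null), "\n";   // the unconstrained query from the first post
echo $model->safeLookup('4'), "\n";      // a properly constrained lookup

try {
    $model->safeLookup(null);            // the case the thread is about: no id supplied
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Run it with `php example.php` to see the unconstrained statement, the constrained one, and the rejection side by side. In a real CodeIgniter model you would keep the guard in safeLookup, use $this->db in place of FakeDb, and finish with `return $query->result();` as in the original. The guard is deliberately stricter than `!empty($id)` or `(int) abs($id)`: both of those silently turn bad input into a query (an empty value becomes 0 and a string such as '12abc' becomes 12), whereas throwing makes the caller's bug visible instead of letting the model return a guess.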
