0

I need to increase the value of a field in my CodeIgniter database.

I understand that CI allows values not to be escaped by setting the third parameter of $this->db->set() to FALSE.

I am inserting multiple values from an array and, as I understand it, it would not be very secure to escape them all (the data is coming from a form), since I only need to increment one field.

How can I avoid inserting this value separately?

My current code:

```php
$dataCliente = array(
    'nombre'          => $nombre,
    'email'           => $email,
    'genero'          => $genero,
    'reserva_next'    => $fecha,
    'reserva_next_id' => $reserva_id,
    'reserva_lastreq' => time(),
    'reservas'        => "reservas+1"
);
$this->db->where('telefono', $telefono);
$this->db->update('clientes', $dataCliente);
```

EDIT: I HAVE TESTED WITH SIMPLE AND DOUBLE QUOTES, IN BOTH CASES THE VALUE OF THE FIELD IS SAVED AS 0 (ZERO)

The previous code does not produce the expected result. But this works:

```php
$dataCliente = array(
    'nombre'          => $nombre,
    'email'           => $email,
    'genero'          => $genero,
    'reserva_next'    => $fecha,
    'reserva_next_id' => $reserva_id,
    'reserva_lastreq' => time(),
    //'reservas'        => "reservas+1"
);
$this->db->where('telefono', $telefono);
$this->db->update('clientes', $dataCliente);

$this->db->set('reservas', 'reservas+1', FALSE);
$this->db->where('telefono', $telefono);
$this->db->update('clientes', $dataCliente);
```

My intention is to use only one statement to insert data. Is it possible not to escape a single element of the array, using the first code?

Thank you very much!

2 Answers

1

The simple answer is No. It's a very simple array.

You can see that the SET statement has 3 parameters. How are you planning on adding that into your data array?

The other reasons probably are...

  1. It's already covered by using set with false.
  2. It's a royal pain in the butt to add more fields in the array and have to parse them to determine which one requires the false flag.

Using Set as you have is perfectly acceptable and when you think about it in your case...

Each time you perform an update to an entry you will always increment the "reservas" value. This isn't and definitely should not be a part of your "Data" you wish to update from your Form. It is a function of the update itself.

So that kind of leads into... let's make a function. This isn't really part of the answer to your question but I have added it as simply something to ponder over.

You can put this wherever you like but to keep it simple I'll assume you have a client controller and I'll put it all in there for this example...

So set up your $telefono and $dataCliente as only you know where that comes from... Then create a simple single function.

```php
private function update_client_details($data, $telefono) {
    $this->db->set('reservas', 'reservas+1', FALSE);
    $this->db->where('telefono', $telefono);
    $this->db->update('clientes', $data);
}
```

And call the above method to perform the update. It's become One Statement.

It's a good idea to make this private if it's in the controller. In a Model it would need to be public.

TimBrownlaw
  • 1
    Hey! I will use the content of the function within my method, as recommended by you in the [comment](https://stackoverflow.com/questions/59367206/codeigniter-increase-value-in-database-from-array-with-only-one-component-escape#comment104961556_59367206). About the update of the data, that part is executed only under a condition related to the insertion of data, not with the update (data is being inserted in another table, if the client already exists the value is increased, otherwise the value remains as 1). Thank you very much for your answer. – Ignacio Aguirre Dec 19 '19 at 01:14
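
An added example, not part of either answer or of CodeIgniter itself: values passed in the data array are escaped as string literals, so `'reservas+1'` reaches an INT column as a string and is stored as 0, while `set(..., FALSE)` sends the expression through untouched. The sketch below keeps the form data on the escaped path and builds the unescaped expression only from an allowlisted column name and an integer. It assumes CodeIgniter 3 with the query builder loaded as `$this->db`; `Clientes_model`, `update_and_count()`, `preview_sql()` and the two column lists are hypothetical names.

```php
<?php
// Added example. Assumes CodeIgniter 3; class, method and constant names are hypothetical.
class Clientes_model extends CI_Model
{
    // Columns the form may write; their values always go through escaping.
    const FORM_COLUMNS = array('nombre', 'email', 'genero', 'reserva_next', 'reserva_next_id');
    // Columns that may appear in an unescaped "col = col + n" expression.
    const COUNTER_COLUMNS = array('reservas');

    // Runs one UPDATE: escaped form data plus the raw increment.
    public function update_and_count($telefono, array $form, $counter = 'reservas', $step = 1)
    {
        $this->build($telefono, $form, $counter, $step);
        return $this->db->update('clientes');
    }

    // Same builder calls, but returns the SQL string instead of executing it.
    public function preview_sql($telefono, array $form, $counter = 'reservas', $step = 1)
    {
        $this->build($telefono, $form, $counter, $step);
        return $this->db->get_compiled_update('clientes');
    }

    private function build($telefono, array $form, $counter, $step)
    {
        // The column name ends up in raw SQL, so it must come from a fixed list.
        if (!in_array($counter, self::COUNTER_COLUMNS, TRUE)) {
            throw new InvalidArgumentException('Unknown counter column');
        }
        // Drop every key the form should not control, including the counter.
        $data = array_intersect_key($form, array_flip(self::FORM_COLUMNS));
        $data['reserva_lastreq'] = time();

        $this->db->set($data);                       // escaped values
        $expr = $counter . ' + ' . (int) $step;      // only an allowlisted name and an integer
        $this->db->set($counter, $expr, FALSE);      // raw expression, no escaping
        $this->db->where('telefono', $telefono);     // escaped value
    }
}
```

Calling `preview_sql()` in a development environment shows which parts of the statement were quoted and which were passed through as written.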
0

Use a single quote, not a double quote

```php
$dataCliente = array(
    'nombre'          => $nombre,
    'email'           => $email,
    'genero'          => $genero,
    'reserva_next'    => $fecha,
    'reserva_next_id' => $reserva_id,
    'reserva_lastreq' => time(),
    'reservas'        => 'reservas+1'
);
```

see this link for further info

Yosafat Ksatria
  • Hi! Thanks for the reply. Changing to single quote does not work for me. Using single quote changes the value to 0 (my field type is INT), so when obtaining the zero value, I imagine that it is due to the insertion of an erroneous value – Ignacio Aguirre Dec 17 '19 at 03:54