Esc Method

The sene_mysqli_engine::esc is used to escape and return string or array values, making them suitable for use in SQL queries. This ensures that user input and other data are properly sanitized before being inserted into a database. This method is part of Query Method builder. All input value that passed to this will added escape character by executing PHP MySQLi::real_escape_string .

Basic Usage

Here is the basic usage esc method from $db property on SENE_Model class.

x
+
$this->db->esc(string $value): mixed

Parameters

This method only required 1 parameter

$value

Can contain int or string to be escaped.

Example

Here is the example for esc method on d_order_model.php file.

x
+
<?php
class D_Order_Model extends \SENE_Model {
  public $tbl = 'd_order';
  public $tbl_as = 'dor';
  public $tbl2 = 'd_order_detail';
  public $tbl2_as = 'dod';

  public function __construct(){
    parent::__construct();
    $this->db->from($this->tbl,$this->tbl_as);
  }
  public function getByKode($kode){
    $this->db->from($this->tbl,$this->tbl_as);
    $this->db->join($this->tbl2, $this->tbl2_as, 'id', $this->tbl_as, 'd_order_id', '');
    $this->db->where_as("$this->tbl_as.kode", $this->db->esc($kode));
    return $this->db->get();
  }
}

SQL Result

The following is the SQL command that generated from D_Order_Model class methods.

x
+
-- result from executing D_Order_Model::getByKode('KN210803001') --
SELECT * FROM `d_order` WHERE `kode` = "KN210803001";
Delete Method
Exec Method