Query binding

Query binding

Query binding is a good idea; it makes your queries easier to read; queries that use
the CodeIgniter binding are automatically escaped, leading to more secure queries.
The syntax is simple; for example, consider the following query:

   $query = "SELECT * FROM `users` WHERE user_email = ? AND user_level = ?";

Look at the end of the query; you can see that we use a question mark where we
would normally use a variable; this is something that would normally look like this:

   $query = "SELECT * FROM `users` WHERE user_email = $user_email AND user_level = $user_level";

How does CodeIgniter know what the question mark means, and how does
CodeIgniter put the correct value in the query? Take a look at this second line:

   $this->db->query($query, array($user_email, $user_level));

This is how it matches the value to the correct question mark. We use the $this-
>db->query() CodeIgniter function, passing to it two arguments. The fist is the
$query variable (containing the actual query), and the second is an array. Each
position in the array matches the position of the question marks in the SQL string