Added param to rawQuery() to disable query variable filtering

Author: avbdr

MysqliDb.php

@@ -188,12 +188,15 @@ public function setPrefix($prefix = '')
      *
      * @param string $query      Contains a user-provided query.
      * @param array  $bindParams All variables to bind to the SQL statment.
+     * @param bool   $sanitize   If query should be filtered before execution
      *
      * @return array Contains the returned rows from the query.
      */
-    public function rawQuery($query, $bindParams = null)
+    public function rawQuery ($query, $bindParams = null, $sanitize = true)
     {
-        $this->_query = filter_var ($query, FILTER_SANITIZE_STRING,
+        $this->_query = $query;
+        if ($sanitize)
+            $this->_query = filter_var ($query, FILTER_SANITIZE_STRING,
                                     FILTER_FLAG_NO_ENCODE_QUOTES);
         $stmt = $this->_prepareQuery();
 

readme.md

@@ -127,8 +127,14 @@ if($db->delete('users')) echo 'successfully deleted';
 ```
 
 ### Generic Query Method
+By default rawQuery() will filter out special characters so if you getting problems with it
+you might try to disable filtering function. In this case make sure that all external variables are passed to the query via bind variables
+
 ```php
-$users = $db->rawQuery('SELECT * from users');
+// filtering enabled
+$users = $db->rawQuery('SELECT * from users where customerId=?', Array (10));
+// filtering disabled
+//$users = $db->rawQuery('SELECT * from users where id >= ?', Array (10), false);
 foreach ($users as $user) {
     print_r ($user);
 }