+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=11)
+--- Thread: escape str vs query builder (/showthread.php?tid=78534)
escape str vs query builder - alexisbix - 02-04-2021
Sorry, got a really basic question on escape_str, should it be adding backslashes for each apostrophe? Whereas query builder won't?
RE: escape str vs query builder - InsiteFX - 02-04-2021
You use it on data that your going to be saving into a database.
MySQL escape string is depreciated.
RE: escape str vs query builder - alexisbix - 02-04-2021
(02-04-2021, 03:56 PM)InsiteFX Wrote: You use it on data that your going to be saving into a database.
MySQL escape string is depreciated.
Thanks for the reply, I mean, the codeigniter escape_str function, should this be adding backslashes before apostrophes? I thought that was only if magic quotes was enabled.
RE: escape str vs query builder - InsiteFX - 02-04-2021
Yes, it should because it is interpreted as a single quote mark.
RE: escape str vs query builder - alexisbix - 02-05-2021
(02-04-2021, 09:50 PM)InsiteFX Wrote: Yes, it should because it is interpreted as a single quote mark.
Thanks again for your reply, does this not imply the documentation is incorrect, as the query builder does not put the backslash, which implies that the query builder is using bindings and not using an escape function (as it appears to suggest?)
RE: escape str vs query builder - alexisbix - 02-08-2021
(02-04-2021, 09:50 PM)InsiteFX Wrote: Yes, it should because it is interpreted as a single quote mark.
Essentially, to clarify, I thought escape string doesn't do this nowadays, and only does it if PHP magic quotes is on?