Escape function and Bindings are safe now? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21) +--- Thread: Escape function and Bindings are safe now? (/showthread.php?tid=11153) |
Escape function and Bindings are safe now? - El Forum - 08-28-2008 [eluser]gurthgor[/eluser] I readed some old posts about the escape function and i am not sure if it uses addslashes or mysqli_real_escape_string. Also wanted to know if Escape Bindings work with mysqli_real_escape_string too. I found this in mysql_driver, not sure if escape uses this function function escape_str($str) { if (function_exists('mysqli_real_escape_string') AND is_object($this->conn_id)) { return mysqli_real_escape_string($this->conn_id, $str); } elseif (function_exists('mysql_escape_string')) { return mysql_escape_string($str); } else { return addslashes($str); } } Escape function and Bindings are safe now? - El Forum - 08-28-2008 [eluser]drewbee[/eluser] There should be no issues with these. Code: $query = $this->db->query("SELECT col1, col2 FROM tablename WHERE id = ?", $id); Escape function and Bindings are safe now? - El Forum - 08-29-2008 [eluser]Thorpe Obazee[/eluser] I believe they are safe. sometimes I echo my queries and they 'look' safe to me... :| |