CodeIgniter Forums
Why can't I escape this input???? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Why can't I escape this input???? (/showthread.php?tid=15359)



Why can't I escape this input???? - El Forum - 02-02-2009

[eluser]KeyStroke[/eluser]
Hi,

I'm having a problem that's driving me insane. My search function query has this part:
Code:
AGAINST('?' IN BOOLEAN MODE)
and I'm using binding as you can tell, which automatically escapes variables (the search keywords here). However, if a user enters ', ", /, or other characters, then he'll get back a database SQL syntax error exposing the whole query.

Is there a way to treat any character(s) the user enters as search data without breaking the whole thing?

Appreciate your help.


Why can't I escape this input???? - El Forum - 02-02-2009

[eluser]Armchair Samurai[/eluser]
Try leaving out the quotes - query bindings should take care of that for you.
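The following is an added example, not code from either poster or from CodeIgniter itself. It shows the two pieces a defender would want here: the bound parameter without surrounding quotes (the binding both escapes and quotes the value), and a small filter that strips the MySQL boolean-mode operator characters before the string ever reaches the full-text parser, so malformed input cannot trigger a syntax error in the first place. The table `articles`, the columns `title` and `body` with a FULLTEXT index, and the model name `Search_model` are assumptions for the illustration.

```php
<?php
// Added example (not from the thread). Assumes a MySQL table `articles`
// with a FULLTEXT index on (`title`, `body`); adjust names to your schema.

/**
 * Reduce user input to a string the MySQL boolean full-text parser will
 * always accept: keep only letters, digits and underscores per term and
 * drop everything else (quotes, parentheses, +, -, *, <, >, ~, @, / ...).
 * Returns '' when the input contains nothing searchable.
 */
function sanitize_boolean_search($input, $max_terms = 10)
{
    // Split on any run of characters that is not a letter, digit or
    // underscore; \p{L} and \p{N} with the /u flag cover non-ASCII text.
    $terms = preg_split('/[^\p{L}\p{N}_]+/u', (string) $input, -1, PREG_SPLIT_NO_EMPTY);

    // Cap the number of terms so a huge query string cannot be fed to MATCH().
    $terms = array_slice($terms, 0, $max_terms);

    // Plain space-separated words: no operators, so no parse errors.
    return implode(' ', $terms);
}

// Inside a CodeIgniter 1.x model (hypothetical name Search_model).
class Search_model extends Model
{
    public function search($user_input)
    {
        $keywords = sanitize_boolean_search($user_input);
        if ($keywords === '') {
            return array();              // nothing usable; skip the query
        }

        // No quotes around the ? placeholder: the binding escapes AND quotes
        // the value, so AGAINST('?' ...) would produce doubled quotes.
        $sql = "SELECT id, title
                FROM articles
                WHERE MATCH(title, body) AGAINST(? IN BOOLEAN MODE)";

        $query = $this->db->query($sql, array($keywords));
        return $query->result_array();
    }
}
```

Two notes on the design. First, the filter is an allow-list rather than an attempt to balance quotes or parentheses: anything the boolean-mode parser could treat as an operator is simply removed, which is the only reliable way to guarantee the remaining string parses. Second, even with clean input a database error can still occur for other reasons, and CodeIgniter's `db_debug` setting in `application/config/database.php` controls whether the failing query is printed to the user; leaving it enabled in production is what turns an ordinary error into disclosure of the full SQL statement.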


Why can't I escape this input???? - El Forum - 02-02-2009

[eluser]KeyStroke[/eluser]
Same thing with no quotes :\


Why can't I escape this input???? - El Forum - 02-03-2009

[eluser]KeyStroke[/eluser]
Anyone? Sad