Insert in DB without escaping - Printable Version

Insert in DB without escaping - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: Insert in DB without escaping (/showthread.php?tid=16946)

Insert in DB without escaping - El Forum - 03-21-2009

[eluser]gryzzly[/eluser]
Hy,

What the best way to avoid input escaping when inserting datas in Db ?

I explain :
Suppose i want to insert configuration params into db (ex : key->tracker, value->the_google_analytics_script). The analytcs script is something like

Code:
<\script ....>a script with ' and " and & and diverse not conventionnals chars<\/script>

.

But, the active record class escape everything. We just get something we don't want in db:

Code:
&lgt;script&rgt;the script escaped&lgt;/script&rgt;

Doing so, if we need to make a call to the value dynamically, it will never work, since it's transformed into html chars and escaped.

What the best way to avoid this behavior ?

Manual query ?
$query="...";
$this->db->query($query);

Other ?

Thank's. And sorry if i'm not very clear :o)

Insert in DB without escaping - El Forum - 03-21-2009

[eluser]jalalski[/eluser]
Use

Code:
$this->db->set();

and set the third parameter to false.