Validation prep_for_form
Validation prep_for_form - El Forum - 07-02-2007

[eluser]Aaron L.[/eluser]
Hello,

I am trying to submit my form to a function which validates my form before inserting it into the DB. In this function, I am attempting to use prep_for_form (documentation). The problem is, when I fill in the form with something like "I'm", I still get an SQL error because the ' is there. Here is my code:

Code:
$this->load->library('validation');

Do you know what's going on here? I'm stumped...

Aaron

Validation prep_for_form - El Forum - 07-02-2007

[eluser]Christopher Blankenship[/eluser]
htmlspecialchars? For converting the single quote.

Quote: Any native PHP function that accepts one parameter can be used as a rule, like htmlspecialchars, trim, MD5, etc.
from: http://www.ellislab.com/codeigniter/user-guide/libraries/validation.html

Validation prep_for_form - El Forum - 07-02-2007

[eluser]coolfactor[/eluser]
I don't see where you're defining $subject and $message variables. Could that be part of the problem?

Validation prep_for_form - El Forum - 07-02-2007

[eluser]Rick Jolly[/eluser]
It is the job of the database library to escape SQL. Either use Active Record or query bindings and the SQL will be escaped automatically.

Code:
// query bindings

Validation prep_for_form - El Forum - 07-02-2007

[eluser]Aaron L.[/eluser]
Thanks Rick! That is good to know. I've updated my code with an active record insert and it works fine. Thanks again!

Validation prep_for_form - El Forum - 07-02-2007

[eluser]Aaron L.[/eluser]
Also, thanks to everyone else for helping.
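The split the thread arrives at (the database layer handles SQL quoting, HTML encoding belongs to output) shown as an added example that is not code from any poster. It assumes PDO with an in-memory SQLite database standing in for CodeIgniter's database library, and a constructed `messages` table with `subject` and `message` columns.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for CodeIgniter's database
// library. The table and its columns are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, subject TEXT, message TEXT)');

// Constructed form input containing the apostrophe from the thread.
$subject = "I'm";
$message = "It's <b>working</b>";

// Before: the value is pasted into the SQL text, so its quote ends the string
// literal early and the statement no longer parses.
function insert_concatenated(PDO $db, string $subject, string $message): string
{
    $sql = "INSERT INTO messages (subject, message) VALUES ('$subject', '$message')";
    try {
        $db->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// After: placeholders keep data out of the SQL text; the driver passes the
// values separately, so no quote in the input can change the statement.
function insert_bound(PDO $db, string $subject, string $message): int
{
    $stmt = $db->prepare('INSERT INTO messages (subject, message) VALUES (?, ?)');
    $stmt->execute([$subject, $message]);
    return (int) $db->lastInsertId();
}

echo insert_concatenated($db, $subject, $message), "\n";

$id = insert_bound($db, $subject, $message);
$stmt = $db->prepare('SELECT subject, message FROM messages WHERE id = ?');
$stmt->execute([$id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// The stored value is the raw input, unchanged.
var_dump($row['subject'] === $subject);

// HTML encoding is applied when the value is written into a page or form
// field, not before it goes to the database.
echo htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8'), "\n";
```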