If a variable passes true after checking is_numeric, do I still need to escape before adding to my database?
CodeIgniter Forums (https://forum.codeigniter.com)
El Forum - 09-01-2009
[eluser]rvillalon[/eluser]
If a variable passes true after checking is_numeric, do I still need to escape before adding to my database?

El Forum - 09-01-2009
[eluser]rvillalon[/eluser]
Sorry everyone, I just answered my own question. I'm actually using Active Record, and from the manual, it says: "Beyond simplicity, .. it also allows for safer queries, since the values are escaped automatically by the system."

El Forum - 09-01-2009
[eluser]pistolPete[/eluser]
Do you use active record or query binding? Both automatically escape the values.

El Forum - 09-01-2009
[eluser]renownedmedia[/eluser]
With non-CI PHP, I would say don't bother escaping if it passes is_numeric(), since you'd really just be wasting CPU cycles.

El Forum - 09-01-2009
[eluser]rvillalon[/eluser]
Thanks Thomas, that really helps!
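
An added example, not code from any poster in this thread: it compares what is_numeric() accepts with a strict integer check, then passes the value to the database as a bound parameter. The helper name `to_int_id`, the `items` table and the sample inputs are constructed for illustration, and PDO with in-memory SQLite (assumes the pdo_sqlite extension) stands in for CodeIgniter's Active Record or query bindings.

```php
<?php
declare(strict_types=1);

// Constructed sample inputs, as they might arrive from a request.
$samples = ['42', '+7', ' 42', '1e3', '.5', '42abc'];

/**
 * Hypothetical helper: return the value as an int, or null if it is not
 * a plain integer. Stricter than is_numeric(), which also accepts
 * decimal and exponent notation.
 */
function to_int_id(string $raw): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT);
    return $value === false ? null : $value;
}

// In-memory SQLite stands in for the application database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (id, name) VALUES (7, 'seven'), (42, 'forty-two')");

$stmt = $pdo->prepare('SELECT name FROM items WHERE id = :id');

foreach ($samples as $raw) {
    $id = to_int_id($raw);
    // Show both checks side by side for each input.
    printf(
        "%-8s is_numeric=%-5s int=%s",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        var_export($id, true)
    );
    if ($id === null) {
        echo "  -> rejected\n";
        continue;
    }
    // The value is bound as an integer, never concatenated into the SQL text.
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    echo '  -> ', $name === false ? 'no row' : $name, "\n";
}
```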