CodeIgniter Forums
If a variable passes true after checking is_numeric, do I still need to escape before adding to my database?




If a variable passes true after checking is_numeric, do I still need to escape before adding to my database? - El Forum - 09-01-2009

[eluser]rvillalon[/eluser]
If a variable passes true after checking is_numeric, do I still need to escape before adding to my database?


If a variable passes true after checking is_numeric, do I still need to escape before adding to my database? - El Forum - 09-01-2009

[eluser]rvillalon[/eluser]
Sorry everyone, I just answered my own question. I'm actually using Active Record, and from the manual, it says:

"Beyond simplicity, .. it also allows for safer queries, since the values are escaped automatically by the system."


If a variable passes true after checking is_numeric, do I still need to escape before adding to my database? - El Forum - 09-01-2009

[eluser]pistolPete[/eluser]
Do you use active record or query binding?
Both automatically escape the values.


If a variable passes true after checking is_numeric, do I still need to escape before adding to my database? - El Forum - 09-01-2009

[eluser]renownedmedia[/eluser]
With non-CI PHP, I would say don't bother escaping if it passes is_numeric(), since you'd really just be wasting CPU cycles.


If a variable passes true after checking is_numeric, do I still need to escape before adding to my database? - El Forum - 09-01-2009

[eluser]rvillalon[/eluser]
Thanks Thomas,

That really helps!
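

Added example, not part of any post in this thread and not CodeIgniter code: is_numeric() accepts more than plain digit strings (for instance '1e3', '.5', '+7'), so this sketch prints its verdict next to a strict digit check whose value is passed as a bound integer parameter. It assumes plain PDO with the pdo_sqlite extension; the table, rows, sample inputs and the helper name find_user_name are constructed for illustration.

```php
<?php
// Added example: table, rows and helper name are constructed for illustration.
// Requires the pdo_sqlite extension (assumption).

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (42, 'alice')");
$pdo->exec("INSERT INTO users (id, name) VALUES (1000, 'bob')");

/**
 * Look up a user by id taken from request input (hypothetical helper).
 * Accepts only plain digit strings, then binds the value as an integer
 * so it never becomes part of the SQL text.
 */
function find_user_name(PDO $pdo, string $rawId): ?string
{
    if (!ctype_digit($rawId)) {
        return null; // rejects '', '1e3', '.5', '+7', ' 42', '-1.5', ...
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed inputs: each row shows what is_numeric() says next to the
// result of the strict check plus bound parameter.
$samples = ['42', '1000', '1e3', '.5', '+7', ' 42', '-1.5', '42abc'];
foreach ($samples as $raw) {
    printf(
        "%-8s is_numeric=%-5s lookup=%s\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        var_export(find_user_name($pdo, $raw), true)
    );
}
```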