CodeIgniter Forums
Escaping input with Active Record - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Escaping input with Active Record (/thread-2783.html)



Escaping input with Active Record - El Forum - 08-23-2007

[eluser]stevefink[/eluser]
I noticed lately I'm doing quite a number of active record queries in this fashion:

$this->db->insert('makes', array('name' => $name));

I was just curious, is the CI engine escaping input when I use this method? I've already ran sanity code against $name, however escaping characters is always not to be taken for granted on any database manipulation.

Thanks,

- sf


Escaping input with Active Record - El Forum - 08-24-2007

[eluser]chobo[/eluser]
Quote:CodeIgniter uses a modified version of the Active Record Database Pattern. This pattern allows information to be retrieved, inserted, and updated in your database with minimal scripting. In some cases only one or two lines of code are necessary to perform a database action. CodeIgniter does not require that each database table be its own class file. It instead provides a more simplified interface.

Beyond simplicity, a major benefit to using the Active Record features is that it allows you to create database independent applications, since the query syntax is generated by each database adapter. It also allows for safer queries, since the values are escaped automatically by the system.