CodeIgniter Forums
Does code igniter auto escape db data? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: Does code igniter auto escape db data? (/showthread.php?tid=40612)



Does code igniter auto escape db data? - El Forum - 04-13-2011

[eluser]Unknown[/eluser]
Just starting out with Code Igniter. I would assume this is taken care of by CI automatically but not sure. When using the database class, do I still need to worry about escaping strings?


Does code igniter auto escape db data? - El Forum - 04-13-2011

[eluser]tonanbarbarian[/eluser]
If you are using active record to build the query then No you do not have to escape strings
If you are building your query yourself then yes you do need to escape string
CI provides a method in the database class to do the escaping for you
Code:
$this->db->escape($something);



Does code igniter auto escape db data? - El Forum - 04-13-2011

[eluser]WanWizard[/eluser]
If you mean 'when writing to the database', and you use Active Record, the answer is "yes, it happens automatically".