CodeIgniter Forums
Escaping Insert data in Queries - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Escaping Insert data in Queries (/thread-58841.html)



Escaping Insert data in Queries - El Forum - 07-26-2013

[eluser]Unknown[/eluser]
Hello everybody,

that's my first post Smile.
First of all I'd like to thank EllisLab for such a great work: CodeIgniter is exactly what I've been searching for. One of the main reasons why I decided to use ist, is the fact that I'm not forced to use a command-line-tool (which is needed in most other frameworks such as Symfony2).
So thank you guys - what you have built is awesome!

Then my question:
Is it necessary to escape the Insert-Values in Active-Record Queries?

For Example:
Code:
$data = array("field1"=>$value1); //or array("field1"=>mysql_real_escape($value1)) instead?
$this->db->insert('mytable', $data);

Is the statement beeing "prepared" in the background?

Thanks for replies.

Kind Regards,

Mike


Escaping Insert data in Queries - El Forum - 07-26-2013

[eluser]noideawhattotypehere[/eluser]
CI escapes it automatically


Escaping Insert data in Queries - El Forum - 07-26-2013

[eluser]stuartr[/eluser]
Active record inserts are automatically escaped.


Escaping Insert data in Queries - El Forum - 07-26-2013

[eluser]Unknown[/eluser]
Okay - thank you for that fast response.

Post closed Smile