Escaping Insert data in Queries - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: Escaping Insert data in Queries (/showthread.php?tid=58841) |
Escaping Insert data in Queries - El Forum - 07-26-2013 [eluser]Unknown[/eluser] Hello everybody, that's my first post . First of all I'd like to thank EllisLab for such a great work: CodeIgniter is exactly what I've been searching for. One of the main reasons why I decided to use ist, is the fact that I'm not forced to use a command-line-tool (which is needed in most other frameworks such as Symfony2). So thank you guys - what you have built is awesome! Then my question: Is it necessary to escape the Insert-Values in Active-Record Queries? For Example: Code: $data = array("field1"=>$value1); //or array("field1"=>mysql_real_escape($value1)) instead? Is the statement beeing "prepared" in the background? Thanks for replies. Kind Regards, Mike Escaping Insert data in Queries - El Forum - 07-26-2013 [eluser]noideawhattotypehere[/eluser] CI escapes it automatically Escaping Insert data in Queries - El Forum - 07-26-2013 [eluser]stuartr[/eluser] Active record inserts are automatically escaped. Escaping Insert data in Queries - El Forum - 07-26-2013 [eluser]Unknown[/eluser] Okay - thank you for that fast response. Post closed |