CodeIgniter Forums
Display data securely which come from database - Printable Version




Display data securely which come from database - smallbug - 04-12-2015

For a query with
PHP Code:
$this->db->query($sql, array($var));
superglobals must be bound when used. But is it safe in CodeIgniter when I read data from the database and then display them? I usually do that with htmlspecialchars(); how do I handle it now in CodeIgniter?


RE: Display data securely which come from database - silentium - 04-12-2015

You should still use htmlspecialchars() and similar functions. CodeIgniter does not format, escape or filter the database output for you.

What it does, when using the Query Builder Class, is escape your queries that insert/update data in the database.
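
Escaping at the point of output, as the reply above describes, shown as an added example in plain PHP (not code from either poster or from CodeIgniter). The sample rows are constructed to stand in for a query result, and `e()`, `safe_url()` and `render_rows()` are hypothetical helper names.

```php
<?php
// Constructed sample rows, standing in for what a bound query such as
// $this->db->query($sql, array($var)) would return as an array of rows.
$rows = [
    ['id' => 1, 'name' => 'Alice & Bob', 'website' => 'https://example.com/?a=1&b=2'],
    ['id' => 2, 'name' => '<script>alert(1)</script>', 'website' => '" onmouseover="alert(1)'],
    ['id' => 3, 'name' => "O'Neil", 'website' => 'javascript:alert(1)'],
];

// Hypothetical helper: escape for HTML element content or a quoted attribute.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: htmlspecialchars() does not neutralise URL schemes,
// so only http/https links are allowed into href; anything else becomes "#".
function safe_url($url): string
{
    $scheme = parse_url((string) $url, PHP_URL_SCHEME);
    $allowed = is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true);
    return $allowed ? (string) $url : '#';
}

// Build the list, escaping every stored value where it is written out.
function render_rows(array $rows): string
{
    $html = "<ul>\n";
    foreach ($rows as $row) {
        $html .= sprintf(
            "  <li data-id=\"%d\"><a href=\"%s\">%s</a></li>\n",
            (int) $row['id'],
            e(safe_url($row['website'])),
            e($row['name'])
        );
    }
    return $html . "</ul>\n";
}

echo render_rows($rows);
```

Query bindings protect the SQL statement on the way in; the stored text still comes back unchanged, so the escaping has to happen in the view for each output context.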


RE: Display data securely which come from database - smallbug - 04-12-2015

Thanks a lot!