[eluser]shinokada[/eluser]
I load helpers, form, url and database in a controller.
I have the following model.
Code:
function entertest(){
$data = array(
'title' => $this->input->post('title'),
'embed' => $this->input->post('embed'),
);
$this->db->insert('video',$data);
}
When I enter < and > with script tag, it is inserted in DB.
I was assuming CI will change < to & g t;, but it did not.
According to the CI user guide, it says When you use $this->db->insert();, Note: All values are escaped automatically producing safer queries.
I also used ", but it is in DB as it is.
What am I doing wrong here?
Thanks in advance.