escape question
#1

[eluser]dadamssg87[/eluser]
I know it's good practice to use the escape function

$this->db->escape()

I know it adds single quotes around the string, but I want the single quotes removed. Is there a function that strips the slashes and removes the single quotes? What's the best way to prep it for display?
#2

[eluser]vrencianz[/eluser]
See the <b>query bindings</b> section from http://ellislab.com/codeigniter/user-gui...eries.html

The idea is to not build queries by hand like:
Code:
$query = 'select * from something where id = ' . $id . ' limit ' . $from . ', ' . $to;
just simply use
Code:
$query = 'select * from something where id = ? limit ?, ?';
// the values are escaped and substituted for the ? markers, in order, when the query runs
$result = $this->db->query($query, array($id, $from, $to));
and let the framework do the job for you.
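A worked version of the two queries above, added here by the editor rather than taken from the post or the CodeIgniter user guide. It assumes CodeIgniter 2.x, a table named `items` with an integer `id` column, and that `$id`, `$from` and `$to` arrive from user input (all assumed names).

```php
<?php
// Added example (not from the thread or the CodeIgniter user guide).
// Assumed: CodeIgniter 2.x, table `items` with an integer `id` column.
class Item_model extends CI_Model
{
    // Vulnerable form from the post: $id, $from and $to are concatenated straight
    // into the SQL text, so a value such as "1 OR 1=1" for $id changes the query's
    // structure instead of being treated as a number.
    public function find_unsafe($id, $from, $to)
    {
        $sql = 'SELECT * FROM items WHERE id = ' . $id . ' LIMIT ' . $from . ', ' . $to;
        return $this->db->query($sql)->result();
    }

    // Query-binding form: each ? is replaced, in order, by the matching array element
    // after it has been passed through $this->db->escape(). Strings come back quoted
    // and escaped; integers are inserted as-is. Values read from $_GET/$_POST are
    // strings, so the LIMIT arguments are cast to int first: a quoted '0' in a
    // LIMIT clause is a MySQL syntax error, not a silent no-op.
    public function find($id, $from, $to)
    {
        $sql   = 'SELECT * FROM items WHERE id = ? LIMIT ?, ?';
        $binds = array((int) $id, (int) $from, (int) $to);
        return $this->db->query($sql, $binds)->result();
    }
}

// Controller usage (assumed controller, shown in the same listing for brevity).
class Items extends CI_Controller
{
    public function index()
    {
        $this->load->model('item_model');
        $rows = $this->item_model->find($this->input->get('id'), 0, 20);
        $this->load->view('items/list', array('rows' => $rows));
    }
}
```

One caveat worth knowing about the binding form: CodeIgniter 2.x substitutes bindings with a plain textual split on the `?` marker, so keep literal question marks out of the SQL string when you pass a bind array, or the marker count will not line up with the array.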
#3

[eluser]InsiteFX[/eluser]
If you use Active Record, most of the methods will automatically escape your data!

InsiteFX
#4

[eluser]timotheus[/eluser]
@dadamssg87 - I recently came across the same thing. You want to use:

$this->db->escape_like_str()

Code:
$sql = "SELECT id FROM table WHERE column LIKE '%".$this->db->escape_like_str($search)."%'";

It's found in the Escaping Queries section, option 3.

http://ellislab.com/codeigniter/user-gui...eries.html

@InsiteFX - Sometimes I find Active Record to be more cumbersome than its worth. I use both methods where it makes sense. :)
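A worked example of the LIKE search from the post, plus the display step the original question asked about, added by the editor and not taken from the thread or the CodeIgniter user guide. It assumes CodeIgniter 2.x and a table `items` with a `title` column (assumed names); the search term `20% raise` is a constructed input.

```php
<?php
// Added example (not from the thread or the CodeIgniter user guide).
// Assumed: CodeIgniter 2.x, table `items` with columns `id` and `title`.
class Search_model extends CI_Model
{
    // Manual SQL, as in the post: escape_like_str() escapes quotes and backslashes
    // AND the LIKE wildcards % and _, so a search for "20% raise" matches that
    // literal text instead of "20<anything> raise". It does not add surrounding
    // quotes; those stay in the SQL string, which is why it fits inside '%...%'.
    public function search_manual($search)
    {
        $sql = "SELECT id, title FROM items WHERE title LIKE '%"
             . $this->db->escape_like_str($search) . "%'";
        return $this->db->query($sql)->result();
    }

    // Active Record: like() calls escape_like_str() internally, so the same
    // protection applies without writing the SQL by hand.
    public function search_ar($search)
    {
        return $this->db->select('id, title')
                        ->like('title', $search)
                        ->get('items')
                        ->result();
    }
}

// Controller (assumed, shown in the same listing for brevity). Escaping for SQL
// and escaping for HTML are separate steps: the raw string goes to the query
// layer, and the value is HTML-escaped only at the point it is rendered.
// $this->db->escape() is never the right tool for display.
class Search extends CI_Controller
{
    public function index()
    {
        $this->load->model('search_model');
        $search = (string) $this->input->get('q');      // e.g. "20% raise"
        $rows   = $this->search_model->search_ar($search);

        echo '<p>Results for: ' . htmlspecialchars($search, ENT_QUOTES, 'UTF-8') . '</p>';
        echo '<ul>';
        foreach ($rows as $row) {
            echo '<li>' . htmlspecialchars($row->title, ENT_QUOTES, 'UTF-8') . '</li>';
        }
        echo '</ul>';
    }
}
```

If you are on CodeIgniter 3 rather than 2, `escape_like_str()` uses `!` as the wildcard escape character, and the hand-written form needs `ESCAPE '!'` appended to the LIKE clause; the Active Record `like()` call adds it for you.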



