Welcome Guest, Not a member yet? Register   Sign In
Escaping Insert data in Queries

Hello everybody,

that's my first post Smile.
First of all I'd like to thank EllisLab for such a great work: CodeIgniter is exactly what I've been searching for. One of the main reasons why I decided to use ist, is the fact that I'm not forced to use a command-line-tool (which is needed in most other frameworks such as Symfony2).
So thank you guys - what you have built is awesome!

Then my question:
Is it necessary to escape the Insert-Values in Active-Record Queries?

For Example:
$data = array("field1"=>$value1); //or array("field1"=>mysql_real_escape($value1)) instead?
$this->db->insert('mytable', $data);

Is the statement beeing "prepared" in the background?

Thanks for replies.

Kind Regards,


CI escapes it automatically

Active record inserts are automatically escaped.

Okay - thank you for that fast response.

Post closed Smile

Theme © iAndrew 2016 - Forum software by © MyBB