CodeIgniter - escaping values before inserting in database - single quotes issue
#10

[eluser]Zigson[/eluser]
I have played a bit with queries which could perform SQL injection.

I would say that it is safe to code with query bindings or active record functions (not all of them, see the documentation) because they automatically escape values.

Nevertheless, my inserted value in the database is:
Test ” ’ test

And the code:

Code:
$data = array(
    'some_value' => $this->input->post('some_value'),
);

// insert() escapes the values in $data automatically
$this->db->insert($this->db->table, $data);

I did not use htmlentities() or htmlspecialchars().
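
An added example, not part of the original post and not CodeIgniter's own code: it shows a value containing both quote characters being stored unchanged when passed as a bound parameter, while concatenating the same value into the SQL text breaks the statement. PDO with in-memory SQLite is an assumption standing in for the framework's database layer, and the function names are hypothetical.

```php
<?php
// Added example: PDO + in-memory SQLite are assumptions standing in for
// CodeIgniter's database layer. All function names here are hypothetical.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE demo (id INTEGER PRIMARY KEY, some_value TEXT)');
    return $pdo;
}

// Bound parameter: the value is sent separately from the SQL text.
function insert_bound(PDO $pdo, string $value): string
{
    $stmt = $pdo->prepare('INSERT INTO demo (some_value) VALUES (:v)');
    $stmt->execute([':v' => $value]);
    $id = $pdo->lastInsertId();
    $read = $pdo->prepare('SELECT some_value FROM demo WHERE id = :id');
    $read->execute([':id' => $id]);
    return $read->fetchColumn();
}

// Concatenation: the quote in the value ends the SQL string literal early.
function insert_concatenated(PDO $pdo, string $value): ?string
{
    try {
        $pdo->exec("INSERT INTO demo (some_value) VALUES ('" . $value . "')");
        return null;
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

$pdo = open_demo_db();
$input = "Test \" ' test"; // constructed sample containing both quote characters

$stored = insert_bound($pdo, $input);
echo 'stored unchanged: ', var_export($stored === $input, true), PHP_EOL;
echo 'concatenated insert: ', insert_concatenated($pdo, $input) ?? 'no error', PHP_EOL;

// HTML encoding is applied when the value is written into a page, not in the database.
echo 'for HTML output: ', htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```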


Messages In This Thread
CodeIgniter - escaping values before inserting in database - single quotes issue - by El Forum - 10-15-2014, 02:51 PM


