Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Active Record insert doesn't appear to be escaping queries...
Active Record insert doesn't appear to be escaping queries...
  • El Forum
    Guest
  •  
#1
11-26-2007, 08:51 AM

[eluser]gabe[/eluser]
User guide says queries are escaped, I am using MySQL 5 DB and this is the kind of query I run:
Code:
$data = array( 'forename' => "helo ' world`" );
Code:
$this->db->insert( 'mytable', $data );

The table row then contains the following:
Code:
helo ' world`


However, if I manually escape it like so:
Code:
$data = array( 'forename' => $this->db->escape( "helo ' world`" ) );
Code:
$this->db->insert( 'mytable', $data );


The table row then contains the following:
Code:
'helo \' world`'



Which is what I expected. Is anyone able to shed some light on this issue, or reassure me that active record insert is escaping the data, but it just didn't see the need to escape this particular string.

Many thanks

Gabriel


Messages In This Thread
Active Record insert doesn't appear to be escaping queries... - by El Forum - 11-26-2007, 08:51 AM



Theme © iAndrew 2016 - Forum software by © MyBB