escaping quotes when updating db |
[eluser]qcsites[/eluser]
You can use the following method to do it in the model http://www.greenacorn-webdesign.co.uk/we...method.php Or you can create a function to use on your outputs. The other option is to not use active records and write your queries. If you go this route and allow unescaped entries you leave your application vulnerable to SQL injection. Generally speaking a bad idea. Sorry, part of the wonderful world of programming. |
Messages In This Thread |
escaping quotes when updating db - by El Forum - 09-14-2012, 12:18 PM
escaping quotes when updating db - by El Forum - 09-14-2012, 12:30 PM
escaping quotes when updating db - by El Forum - 09-14-2012, 12:43 PM
escaping quotes when updating db - by El Forum - 09-14-2012, 12:52 PM
escaping quotes when updating db - by El Forum - 09-14-2012, 01:02 PM
escaping quotes when updating db - by El Forum - 09-14-2012, 01:51 PM
escaping quotes when updating db - by El Forum - 09-16-2012, 07:05 AM
|