Active record manual where clause is not automatically escaped as advertised

[eluser]Unknown[/eluser]
Hello,

I used the active record "where" method as such:

$this->db->where("(desc LIKE '%$search%' or name LIKE '%$search%')");

I thought that using the "where" method auto escapes the values but it did not.

In order to get it to work, I had to write the SQL using bind variables (i.e. ?).

-jeff
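
The difference the post describes between a hand-written where string and bind variables, shown as an added example that is not part of the original post and is not CodeIgniter's code. It assumes plain PDO with an in-memory SQLite database instead of Active Record; the table, the column names (`description` standing in for `desc`), the rows and the search terms are constructed.

```php
<?php
// Added example: plain PDO + in-memory SQLite, not CodeIgniter's own code.
// Table, columns, rows and search terms are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (name TEXT, description TEXT)');
$pdo->exec("INSERT INTO items VALUES ('O''Reilly book', 'PHP reference')");
$pdo->exec("INSERT INTO items VALUES ('Widget', '100% cotton')");

// Interpolated: the search term becomes part of the SQL text itself,
// which is what a hand-written where string does.
function search_interpolated(PDO $pdo, string $search): array
{
    $sql = "SELECT name FROM items
            WHERE (description LIKE '%$search%' OR name LIKE '%$search%')";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound: the term travels as data, so a quote cannot end the string literal.
// % and _ are still LIKE wildcards inside a bound value, so they are
// escaped separately and an ESCAPE character is declared.
function search_bound(PDO $pdo, string $search): array
{
    $term = '%' . addcslashes($search, '%_\\') . '%';
    $sql = "SELECT name FROM items
            WHERE (description LIKE ? ESCAPE '\\' OR name LIKE ? ESCAPE '\\')";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$term, $term]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Run both versions over the same constructed search terms.
foreach (["Widget", "O'Reilly", "100%"] as $search) {
    try {
        $a = implode(', ', search_interpolated($pdo, $search));
    } catch (PDOException $e) {
        // A quote in the term breaks the interpolated statement.
        $a = 'SQL error: ' . $e->getMessage();
    }
    $b = implode(', ', search_bound($pdo, $search));
    echo "$search\n  interpolated: $a\n  bound:        $b\n";
}
```

The apostrophe in the second term ends the string literal early in the interpolated version, while the bound version treats the same term as an ordinary value.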


Messages In This Thread
Active record manual where clause is not automatically escaped as advertised - by El Forum - 06-20-2008, 05:05 PM