Active record manual where clause is not automatically escaped as advertised

[eluser]Matthieu Fauveau[/eluser]
My guess is that it's the intended behavior for the custom string where clauses. Because "custom" implies that you don't want CI to do anything on the string you provide it with.

You could write that to avoid using query binding :

Code:

$like = $this->db->escape("%".$search."%");
[...]
$this->db->where('(desc LIKE '.$like.' OR name LIKE '.$like.')');