escape question
[eluser]dadamssg87[/eluser]
I know it's good practice to use the escape function $this->db->escape(). I know it adds single quotes around the string, but I want the single quotes removed. Is there a function that strips the slashes and removes the single quotes? What's the best way to prep it for display?
[eluser]vrencianz[/eluser]
See the <b>query bindings</b> section from http://ellislab.com/codeigniter/user-gui...eries.html
The idea is to not build queries by hand like:
Code: $query = 'select * from something where id = ' . $id . ' limit ' . $from . ', ' . $to;
Code: $query = 'select * from something where id = ? limit ?, ?';
[eluser]InsiteFX[/eluser]
If you use Active Record, most of the methods will automatically escape your data! InsiteFX
[eluser]timotheus[/eluser]
@dadamssg87 - I recently came across the same thing. You want to use: $this->db->escape_like_str()
Code: $sql = "SELECT id FROM table WHERE column LIKE '%".$this->db->escape_like_str($search)."%'";
It's found in the Escaping Queries section, option 3. http://ellislab.com/codeigniter/user-gui...eries.html
@InsiteFX - Sometimes I find Active Record to be more cumbersome than it's worth. I use both methods where it makes sense.
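Added example (written here, not code from the thread or from CodeIgniter): it runs the hand-built query from vrencianz's reply beside its bound form, and then a LIKE search with an escape_like_str-style helper as in timotheus's reply. It uses PDO with an in-memory SQLite database so it runs without a CodeIgniter install; bindQuery() and escapeLikeStr() are simplified stand-ins written for this example, not CodeIgniter's own $this->db->query() with bindings or $this->db->escape_like_str(), and the table rows and input values are constructed.

```php
<?php
// Added example; not code from the thread or from CodeIgniter itself.
// Runs stand-alone with PHP's PDO and the bundled SQLite driver.
// bindQuery() and escapeLikeStr() are simplified stand-ins (assumptions) for
// $this->db->query($sql, $binds) and $this->db->escape_like_str().

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table; 'bob_10%' deliberately contains both LIKE wildcards.
$pdo->exec('CREATE TABLE something (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO something (id, name) VALUES (1, 'alice'), (2, 'bob_10%'), (3, 'carol')");

// Runs $sql with each ? bound to the matching value from $binds. Integers are
// bound as integers so they are valid inside LIMIT; everything else is bound as
// text, so the driver does the quoting and the value never becomes SQL syntax.
function bindQuery(PDO $pdo, string $sql, array $binds): array
{
    $stmt = $pdo->prepare($sql);
    foreach ($binds as $i => $value) {
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue($i + 1, $value, $type);   // placeholders are 1-indexed
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escapes the LIKE wildcards % and _ (and the escape character itself) so the
// user's text is matched literally; the query must then declare ESCAPE '!'.
// Only wildcards are handled here; quoting is left to the bound parameter.
function escapeLikeStr(string $str, string $esc = '!'): string
{
    // The escape character is replaced first so the ones added afterwards stay single.
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $str);
}

// --- 1. Hand-built query vs. bindings --------------------------------------
$id   = '1 or 1=1';          // constructed hostile value standing in for a request parameter
$from = 0;
$to   = 10;

$handBuilt = 'select * from something where id = ' . $id . ' limit ' . $from . ', ' . $to;
$rows = $pdo->query($handBuilt)->fetchAll(PDO::FETCH_ASSOC);
echo "concatenated: " . count($rows) . " rows (the value was parsed as SQL)\n";

$rows = bindQuery($pdo, 'select * from something where id = ? limit ?, ?', [$id, $from, $to]);
echo "bound:        " . count($rows) . " rows (the value was compared as a string literal)\n";

// --- 2. LIKE searches: bindings alone do not neutralise wildcards ----------
$search = '%';               // constructed search term that is itself a wildcard

$rows = bindQuery($pdo, 'SELECT id FROM something WHERE name LIKE ?', ['%' . $search . '%']);
echo "LIKE unescaped: " . count($rows) . " rows (the user's % is still a wildcard)\n";

$rows = bindQuery($pdo, "SELECT id FROM something WHERE name LIKE ? ESCAPE '!'",
                  ['%' . escapeLikeStr($search) . '%']);
echo "LIKE escaped:   " . count($rows) . " rows (only names containing a literal %)\n";

// escape()-style quoting returns a ready-to-embed SQL literal; the surrounding
// quotes are part of that literal, which is why they are not meant to be stripped.
echo $pdo->quote("O'Reilly") . "\n";
```

Run it with `php example.php` (it needs the pdo_sqlite extension, which most PHP builds enable). The two LIKE queries show why the wildcard escaping and the parameter binding are separate steps: the binding keeps the term out of the SQL syntax, and the escaping keeps it out of the pattern syntax. On the original question, the quotes that escape() adds exist only so the result can be dropped into query text as a literal; data destined for an HTML page is a different escaping context and should be encoded for that context (for example with htmlspecialchars()) rather than run through the SQL escaper at all.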