$this->db->escape() - Fix.
barryskidmore
I went ahead and restored that original and now only call it when required:

Code: /**

Fits my needs and saves me a bit of typing. Could easily be extended to check an array for all SQL keywords but I do not need to be that specific.

Any exploration of automating the preparation of data so as to severely limit injection attacks is always worthwhile, especially when the documentation offers little in the way of technique explanation.

http://ellislab.com/codeigniter/user-gui...lpers.html

Quote: This function simplifies the process of writing database inserts. It returns a correctly formatted SQL insert string. Example:

Quote: Note: Values are automatically escaped, producing safer queries.