[eluser]Unknown[/eluser]
Hello all.
I'm sorry if this is a really daft question:
Using Active Record syntax to work with a MySQL database, looking at the CI docs there's a note under db->update() to say that all data is escaped (I presume by calling mysql_real_escape_string() somewhere along the line).
The same note isn't present under db->insert().
I was just wondering if someone could please clear up for me when Active Record does all the necessary escaping and when I need to do it myself, please?
Better to ask than to make an insecure assumption...
Thanks in advance,
Mark..
