Validation
#1

[eluser]Suhas nazir[/eluser]
Can anyone tell me the best validation in CodeIgniter that can be done before inserting data into the database?
#2

[eluser]Bart v B[/eluser]
That depends on what you're going to insert into the database.
You can first start with form validation.

http://ellislab.com/codeigniter/user-gui...ationrules

And to escape like _real_escape_string():
Code:
// read the field through the Input class (post() assumed here), then escape it
$this->db->escape($this->input->post('something'));
#3

[eluser]Suhas nazir[/eluser]
Thanks for your reply. Actually, I don't want to check whether it is an integer, email, etc. or not, but to avoid SQL injection.
So what is the best thing that we can do to avoid SQL injections?
#4

[eluser]Bart v B[/eluser]
OK, I understand.

To avoid SQL injections, as I mentioned before, you can use:
Code:
// read the field through the Input class (post() assumed here), then escape it
$this->db->escape($this->input->post('something'));

or you can use query bindings:
Code:
$sql = "INSERT INTO some_table (status, author) VALUES(?, ?)";

$this->db->query($sql, array('live', 'Rick'));

This would automatically escape the values.
#5

[eluser]WanWizard[/eluser]
You should check and validate at the front door, so as Bart said, use form validation to make sure your input is correct. You can globally enable xss-cleaning of your input, or do it on a field by field basis.

And if you use Active Record, all your queries will be escaped automatically.
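
The two points from this thread as a stand-alone script (an added example, not code posted by anyone in the thread): a value that passes front-door validation still breaks a concatenated query, while the bound form stores it as plain data. It assumes PHP with the pdo_sqlite extension and uses PDO with in-memory SQLite as a stand-in for CodeIgniter's database layer; the helper function names are hypothetical.

```php
<?php
// Added example. PDO + in-memory SQLite stand in for CodeIgniter's DB layer.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE some_table (status TEXT, author TEXT)');

// Front-door validation (hypothetical rule): non-empty, at most 50 characters.
// It decides whether the input is acceptable; it does not make it SQL-safe.
function validate_author($value)
{
    $value = trim((string) $value);
    return ($value === '' || strlen($value) > 50) ? null : $value;
}

// 'Before' form: the value is pasted into the SQL text, so any quote
// character in it becomes part of the statement's syntax.
function insert_concatenated(PDO $pdo, $status, $author)
{
    $pdo->exec("INSERT INTO some_table (status, author) VALUES ('$status', '$author')");
}

// Bound form: the SQL text is fixed and the values are passed separately,
// so they can only ever be treated as data.
function insert_bound(PDO $pdo, $status, $author)
{
    $stmt = $pdo->prepare('INSERT INTO some_table (status, author) VALUES (?, ?)');
    $stmt->execute(array($status, $author));
}

// Constructed sample input: a legitimate name that happens to contain a quote.
$author = validate_author("Rick O'Brien");
if ($author === null) {
    exit("validation failed\n");
}

try {
    insert_concatenated($pdo, 'live', $author);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    // The quote ended the string literal early and changed the statement.
    echo "concatenated: statement broke: " . $e->getMessage() . "\n";
}

insert_bound($pdo, 'live', $author);
foreach ($pdo->query('SELECT status, author FROM some_table') as $row) {
    echo "stored: {$row['status']} / {$row['author']}\n";
}
```

In CodeIgniter the bound form corresponds to the `$this->db->query($sql, array(...))` call shown in post #4.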



