Active Record and Auto Escape for safe query
#1

[eluser]searain[/eluser]
http://ellislab.com/codeigniter/user-gui...ecord.html

As in the manual, "It also allows for safer queries, since the values are escaped automatically by the system."

$this->db->where();

Note: All values passed to this function are escaped automatically, producing safer queries.


But for the functions like

$this->db->or_where();
$this->db->where_in();
...

There isn't a note like "Note: All values passed to this function are escaped automatically, producing safer queries."

So which functions auto-escape the values, and which don't? Or are all of them auto-escaped?

Thanks!
#2

[eluser]Cristian Gilè[/eluser]
All the active record methods escape values automatically as the user guide says in the beginning:
Quote: Beyond simplicity, a major benefit to using the Active Record features is that it allows you to create database independent applications, since the query syntax is generated by each database adapter. It also allows for safer queries, since the values are escaped automatically by the system.

You can check the source code in the DB_active_rec.php file under system/database.


Cristian Gilè
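As an added illustration of the point above (example code written for this thread, not taken from the post or from CodeIgniter itself), the model below shows the usage that gets automatic escaping and the one that does not; it assumes a CodeIgniter 2.x install with the database library loaded and a `users` table with `username` and `status` columns.

```php
<?php
// Added example, not from the thread. Assumes CodeIgniter 2.x with
// $this->load->database() already done, and an assumed `users` table
// with `username` and `status` columns.
class User_model extends CI_Model
{
    // Value passed as a separate argument: Active Record runs it through
    // $this->db->escape(), so a quote character inside the value is escaped
    // instead of terminating the string literal in the generated SQL.
    public function find_by_username($username)
    {
        return $this->db->where('username', $username)
                        ->get('users')
                        ->result();
    }

    // Same for where_in(): each element of the array is escaped individually.
    public function find_by_statuses(array $statuses)
    {
        return $this->db->where_in('status', $statuses)
                        ->get('users')
                        ->result();
    }

    // Caveat: a condition handed over as one pre-built string is used as-is.
    // Active Record cannot tell the value apart from the SQL around it, so
    // nothing inside the string is escaped. Avoid this form for user input.
    public function find_by_username_raw_string($username)
    {
        return $this->db->where("username = '" . $username . "'")
                        ->get('users')
                        ->result();
    }

    // If a hand-written clause is unavoidable, escape the value yourself:
    // $this->db->escape() adds the surrounding quotes and escapes the contents.
    public function find_by_username_manual_escape($username)
    {
        return $this->db->where('username = ' . $this->db->escape($username))
                        ->get('users')
                        ->result();
    }
}
```

Calling `$this->db->last_query()` after each method shows the difference in the generated SQL.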
#3

[eluser]searain[/eluser]
Thanks!

I thought so. All the active record methods escape values. But somehow some functions have the note about escaping and some don't, which got me confused.
