Escaping in CodeIgniter..
[eluser]Lovecannon[/eluser]
I had a question. Does CodeIgniter automatically run a function like mysql_real_escape_string either when it runs, or with the XSS clean function?
[eluser]ejangi[/eluser]
I don't think there's one that runs on all queries by default per se, but there are a number of methods in the database class which help. For instance, there's:
Code:
$this->db->escape();
Code:
$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
Code:
$this->db->select('*');
[eluser]Lovecannon[/eluser]
I know that, but I was just curious as to whether or not there was an auto one or if it was done in the XSS filter.
[eluser]Michael Wales[/eluser]
If you use the Active Record class - your queries will be escaped properly (for MySQL).
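The three approaches mentioned in this thread, shown next to the unescaped form they replace, as an added example that is not any poster's code. It assumes CodeIgniter 2.x or later (base class `CI_Model`, database library loaded); `Article_model` and its method names are hypothetical, and the table and columns are the ones from the query quoted above.

```php
<?php
// Added example, not from the thread. Assumes CodeIgniter 2.x or later
// (CI_Model, database library loaded). Article_model is hypothetical.
class Article_model extends CI_Model
{
    // BEFORE: values concatenated into the SQL text. Nothing escapes them,
    // so a quote character in $author changes the structure of the query.
    public function find_unescaped($id, $status, $author)
    {
        $sql = "SELECT * FROM some_table WHERE id = " . $id
             . " AND status = '" . $status . "' AND author = '" . $author . "'";
        return $this->db->query($sql)->result();
    }

    // Manual escaping: escape() checks the PHP type and adds the quotes
    // around strings itself, so the SQL text must not add its own.
    public function find_escaped($id, $status, $author)
    {
        $sql = "SELECT * FROM some_table WHERE id = " . $this->db->escape((int) $id)
             . " AND status = " . $this->db->escape($status)
             . " AND author = " . $this->db->escape($author);
        return $this->db->query($sql)->result();
    }

    // Query bindings: each ? is replaced, in order, by the escaped value.
    public function find_bound($id, $status, $author)
    {
        $sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
        return $this->db->query($sql, array((int) $id, $status, $author))->result();
    }

    // Active Record: where() escapes the values it is given.
    public function find_active_record($id, $status, $author)
    {
        $this->db->select('*');
        $this->db->where('id', (int) $id);
        $this->db->where('status', $status);
        $this->db->where('author', $author);
        return $this->db->get('some_table')->result();
    }
}
```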