[eluser]ghst[/eluser]
Hi.
I'm trying to use the Active Record class to insert input data into the db,
and escaping is not working; I can't understand why.
Sample code:
The post value is x' AND email IS NULL; --
Code:
function something() {
    $variable = $this->input->post('web_url');
    $data = array(
        // ...
        'weburl' => $variable,
        // ...
    );
    $this->db->update('table', $data);
}
The inserted result looks like:
x' AND email IS NULL; --
But if I use something like this:
Code:
$variable = $this->db->escape_str($this->input->post('web_url'));
the inserted data looks like it should: x\' AND email IS NULL; --
The question is: why doesn't escaping work automatically?
P.S. Sorry for my bad English.
(C.I. version 2.1.0)
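What the two results in the question correspond to, as an added example that is not part of the original post: CodeIgniter's `update()` already escapes each value in `$data`, so the escape character belongs to the SQL text and the row receives the original string, while a value escaped by hand beforehand is escaped a second time and stored with the extra character. The in-memory SQLite database via PDO, the `demo` table and both helper functions are assumptions made for the demo; SQLite doubles the quote (`''`) where the MySQL driver writes `\'`.

```php
<?php
// Constructed demo: in-memory SQLite through PDO stands in for the MySQL
// database behind CodeIgniter. Table name and helpers are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo (id INTEGER PRIMARY KEY, weburl TEXT, email TEXT)');
$pdo->exec("INSERT INTO demo (id, weburl, email)
            VALUES (1, 'old', 'a@example.test'), (2, 'old', NULL)");

$input = "x' AND email IS NULL; --";   // the post value from the question

// Escape the value once and build the statement, which is what a query
// builder does internally for every value handed to update().
function update_weburl(PDO $pdo, $id, $value) {
    $sql = 'UPDATE demo SET weburl = ' . $pdo->quote($value)
         . ' WHERE id = ' . (int) $id;
    $pdo->exec($sql);
    return $sql;
}

// Read back what the database actually holds for one row.
function stored(PDO $pdo, $id) {
    $sql = 'SELECT weburl FROM demo WHERE id = ' . (int) $id;
    return $pdo->query($sql)->fetchColumn();
}

// 1) Escaped once: the escape character appears only in the SQL text.
//    The database parses the literal back into the original string, so an
//    unchanged stored value means the escaping did its job.
$sql = update_weburl($pdo, 1, $input);
echo "SQL sent        : $sql\n";
echo "stored (once)   : " . stored($pdo, 1) . "\n";
var_dump(stored($pdo, 1) === $input);

// 2) Escaped by hand first, then escaped again inside update_weburl():
//    the first round of escape characters is now treated as data and
//    ends up in the column.
$pre = str_replace("'", "''", $input);   // manual, SQLite-style escaping
update_weburl($pdo, 2, $pre);
echo "stored (twice)  : " . stored($pdo, 2) . "\n";
var_dump(stored($pdo, 2) === $input);

// The payload never ran as SQL: row 2 still has a NULL email and the
// table still has exactly two rows.
var_dump($pdo->query('SELECT email FROM demo WHERE id = 2')->fetchColumn());
var_dump((int) $pdo->query('SELECT COUNT(*) FROM demo')->fetchColumn());
```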