escape in active record not working for me

Trying to use the Active Record class to insert input data into the db,
and escaping is not working; can't understand why:

sample code:

post value is x' AND email IS NULL; --

function something() {

  $variable = $this->input->post('web_url');

  $data = array(
    'weburl' => $variable,
  );

  $this->db->update('table', $data);
}

inserted result looks like:
x' AND email IS NULL; --

but if I use something like this:
$variable = $this->db->escape_str($this->input->post('web_url'));

inserted data looks like it should: x\' AND email IS NULL; --

Question is: Why doesn't escaping work automatically?

P.S. Sorry for my bad English

(c.i version 2.1.0)
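
Added example, not part of the original post and not CodeIgniter code: it shows that escaping a value changes the SQL text that is sent, not the value that ends up in the column, and that escaping by hand before the query layer escapes again stores a literal backslash. Assumptions: PDO with in-memory SQLite stands in for the database layer, `addslashes()` stands in for a MySQL-style `escape_str()`, and the `sites` table, its seed row and `update_weburl()` are constructed for the illustration.

```php
<?php
// Added illustration, not code from the post. PDO with in-memory SQLite stands
// in for the CodeIgniter database layer so the script runs without a server.

// Build an UPDATE the way a query builder does: escape the value, then
// place it in the SQL text. Returns the SQL sent and the value stored.
function update_weburl(PDO $db, string $value): array
{
    $sql = 'UPDATE sites SET weburl = ' . $db->quote($value);
    $db->exec($sql);
    $stored = $db->query('SELECT weburl FROM sites')->fetchColumn();
    return [$sql, $stored];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sites (weburl TEXT, email TEXT)');            // constructed table
$db->exec("INSERT INTO sites (weburl, email) VALUES ('old', 'a@example.test')");

$input = "x' AND email IS NULL; --";   // post value from the question

// Case 1: raw input, escaped once by the query layer.
[$sql1, $stored1] = update_weburl($db, $input);

// Case 2: input escaped by hand first, then escaped again by the query layer.
[$sql2, $stored2] = update_weburl($db, addslashes($input));

echo "SQL sent (1): $sql1\n";      // the quote is escaped inside the SQL text
echo "stored   (1): $stored1\n";   // the value read back from the column
echo "SQL sent (2): $sql2\n";      // the hand-added backslash is now part of the data
echo "stored   (2): $stored2\n";   // the column holds that backslash

// A stored value identical to the input means the quote was handled as data.
var_dump($stored1 === $input);
// Escaping twice changes the stored data itself.
var_dump($stored2 === addslashes($input));
// The email column is untouched: the payload never ran as SQL.
var_dump($db->query('SELECT email FROM sites')->fetchColumn() === 'a@example.test');
```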

