Mysql query question about using active record

#8
Khoa
Derek, if what I want to compare is a string (like a LIKE clause), will manually doing it like that make my code more vulnerable? I ask because I read in the user guide that things inside db->where, db->or_where... are automatically escaped. So manually doing it means it will not be escaped at all!! Is that right? If yes, how can I achieve both the flexibility of hand-writing where clauses and the power that CI provides? Thanks.

BTW, does "escaping" mean my code is completely safe? And is there no need to worry about things like SQL injection at all?
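
The difference the question turns on, a value concatenated into a hand-written WHERE clause versus the same clause with the value passed through a placeholder, as an added example that is not part of the original thread and is not CodeIgniter code. It assumes PDO with an in-memory SQLite database and a constructed `users` table so it runs without the framework; CodeIgniter's own placeholder mechanism is query bindings, `$this->db->query($sql, array($value))`.

```php
<?php
// Added example: constructed table and rows, PDO/SQLite as a stand-in database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('O''Brien'), ('100% Real'), ('100 Fake'), ('alice')");

// Hand-written WHERE clause, but the value never becomes part of the SQL text.
function search_users(PDO $pdo, string $term): array
{
    // Quote escaping does not touch LIKE metacharacters, so escape \ % _
    // separately if user input should match literally.
    $literal = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
    // ESCAPE '\' is spelled out because SQLite has no default LIKE escape character.
    $stmt = $pdo->prepare("SELECT name FROM users WHERE name LIKE ? ESCAPE '\\'");
    $stmt->execute(['%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Unsafe counterpart: the value is pasted into the SQL string unescaped.
function search_users_unsafe(PDO $pdo, string $term): array
{
    $sql = "SELECT name FROM users WHERE name LIKE '%" . $term . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// A quote in the input is plain data for the bound query.
print_r(search_users($pdo, "O'Brien"));

// A percent sign in the input is matched literally by the bound query...
print_r(search_users($pdo, "100%"));

// ...but acts as a wildcard in the concatenated one and widens the match.
print_r(search_users_unsafe($pdo, "100%"));

// The same quote changes the structure of the concatenated statement.
try {
    search_users_unsafe($pdo, "O'Brien");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}
```

Placeholders cover values only; table names, column names and sort directions that come from input still need checking against a fixed list of allowed names.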

