Welcome Guest, Not a member yet? Register   Sign In
Mysql query question about using active record
#8

[eluser]Khoa[/eluser]
Derek, if what I want to compare is a string (like a LIKE clause), will manually doing it like that make my code more vulnerable? Because as I read on the user guide that things inside db->where, db->or_where...are automatically escaped. So manually doing it means it will not be escaped at all!! Is it right? If yes, how can I achieve both the flexibility of hand writing where clauses and the power that CI provides? Thanks.

BTW, with "escaping" does it mean my code is completely safe? And no need to worry about things like sql injection at all?


Messages In This Thread
Mysql query question about using active record - by El Forum - 01-12-2008, 08:11 AM
Mysql query question about using active record - by El Forum - 01-12-2008, 08:22 AM
Mysql query question about using active record - by El Forum - 01-12-2008, 08:25 AM
Mysql query question about using active record - by El Forum - 01-12-2008, 09:01 AM
Mysql query question about using active record - by El Forum - 01-12-2008, 12:14 PM
Mysql query question about using active record - by El Forum - 01-14-2008, 06:05 AM
Mysql query question about using active record - by El Forum - 01-14-2008, 11:47 AM
Mysql query question about using active record - by El Forum - 08-29-2008, 12:14 AM
Mysql query question about using active record - by El Forum - 08-29-2008, 06:21 AM
Mysql query question about using active record - by El Forum - 08-31-2008, 08:24 AM



Theme © iAndrew 2016 - Forum software by © MyBB