What does query builder actually escape?
I'm looking for reliable answers to the following scenario regarding whether or not the data is escaped by query builder:
Code:
$this->db->select($evilInput); // pretty sure it is
In which of the above scenarios does `$evilInput` need to be escaped manually? The docs are a little iffy on these types of examples. I know `set()` escapes as well as `$this->db->get('tablename', $escape_this_array);`
For a quick check you can print out the latest query and see how it handles keys and data:
PHP Code: echo $this->db->last_query();
@alex.fagard,
...or you could consider Query bindings ( https://codeigniter.com/user_guide/datab...y-bindings ).
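The last reply points to query bindings. As an added example (not from the thread, and written against plain PDO with in-memory SQLite rather than CodeIgniter), this shows values going through placeholders while a column list, which cannot be bound, is checked against an allow-list. The `users` table, `SELECTABLE_COLUMNS`, `safe_select_list()` and `find_users()` are hypothetical names.

```php
<?php
// Added example, not CodeIgniter code: plain PDO with in-memory SQLite.
// The table, columns and row below are constructed sample data.

// Hypothetical allow-list of columns a caller may select.
const SELECTABLE_COLUMNS = ['id', 'name', 'email'];

/**
 * Check a comma-separated column list from the request against the allow-list.
 * Identifiers cannot be sent as bound parameters, so anything that is not an
 * exact allow-list match is rejected rather than escaped.
 */
function safe_select_list(string $requested): string
{
    $columns = array_map('trim', explode(',', $requested));
    foreach ($columns as $column) {
        if (!in_array($column, SELECTABLE_COLUMNS, true)) {
            throw new InvalidArgumentException("Column not allowed: $column");
        }
    }
    return implode(', ', $columns);
}

/** Values use placeholders; only the vetted column list is concatenated. */
function find_users(PDO $db, string $requestedColumns, string $status): array
{
    $sql = 'SELECT ' . safe_select_list($requestedColumns)
         . ' FROM users WHERE status = ?';
    $stmt = $db->prepare($sql);
    $stmt->execute([$status]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER, name TEXT, email TEXT, secret TEXT, status TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'alice@example.test', 'constructed', 'active')");

print_r(find_users($db, 'id, name', 'active'));

// The quote in this value travels through the placeholder as data.
print_r(find_users($db, 'id, name', "it's active"));

try {
    find_users($db, 'name, secret', 'active'); // "secret" is not on the allow-list
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```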