[eluser]Alexander Obenauer[/eluser]
I am wondering if CodeIgniter automatically checks and sanitizes input to a database? For example, if a value is being updated and a malicious input is sent, does CI clean that? Or do I need to do it on my own?
[eluser]Seppo[/eluser]
CI prevents SQL injection if you use Active Record or query bindings. For XSS protection you can enable it globally or do it manually. Are you interested in some specific sanitization?
[eluser]Alexander Obenauer[/eluser]
Nothing specific, I need to make sure that no one can enter malicious data in my database for the deployment of an app on the internet.
[eluser]Alexander Obenauer[/eluser]
By using query bindings or Active Record, a user could not input a "value; DROP TABLE..." and cause the database to follow commands thrown into the SQL prompts?
[eluser]Pascal Kriete[/eluser]
That's correct. If you are constructing your own query you can call $this->db->escape() found here to get the same effect.
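The three safe forms mentioned in this thread (query bindings, Active Record, and $this->db->escape()) side by side with the unsafe string-concatenated form they replace. This is an added example, not code posted by any participant or shipped with CodeIgniter; it assumes a CodeIgniter 2.x model (CI_Model) and a hypothetical users table with id and email columns.

```php
<?php
// Added example (not from the thread): a CodeIgniter 2.x model contrasting a
// string-concatenated query with the safe forms discussed above. The table and
// column names (users, id, email) are assumed for illustration only.
class User_model extends CI_Model
{
    // VULNERABLE: user input is pasted straight into the SQL text.
    // An email of  x' OR '1'='1  rewrites the WHERE clause, and on a driver
    // that allows multiple statements  x'; DROP TABLE users; --  runs a second
    // statement, because the quote characters in the input end the string literal.
    public function update_email_unsafe($id, $email)
    {
        $sql = "UPDATE users SET email = '" . $email . "' WHERE id = " . $id;
        return $this->db->query($sql);
    }

    // SAFE: query bindings. CI replaces each ? with the escaped and quoted
    // value, so the whole input is treated as one string value, never as SQL.
    public function update_email_bound($id, $email)
    {
        $sql = "UPDATE users SET email = ? WHERE id = ?";
        return $this->db->query($sql, array($email, $id));
    }

    // SAFE: Active Record builds the statement and escapes every value for you.
    public function update_email_ar($id, $email)
    {
        $this->db->where('id', $id);
        return $this->db->update('users', array('email' => $email));
    }

    // SAFE when you must assemble the SQL string yourself: escape() returns the
    // value already quoted and escaped for the active driver (unlike
    // escape_str(), which escapes but does not add the surrounding quotes).
    // The id is cast to int so a non-numeric value cannot reach the query.
    public function update_email_manual($id, $email)
    {
        $sql = "UPDATE users SET email = " . $this->db->escape($email)
             . " WHERE id = " . $this->db->escape((int) $id);
        return $this->db->query($sql);
    }
}
```

Two caveats worth keeping in mind: bindings and escape() protect values only, so a table or column name taken from user input still has to be checked against an allow-list, and CI's bindings are implemented by escaping and interpolating the values into the SQL string before it is sent, not as server-side prepared statements, which is why the protection is only as good as the driver's escape routine for the active connection character set.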