Does CI automatically sanitize database input?
#1

[eluser]Alexander Obenauer[/eluser]
I am wondering if CodeIgniter automatically checks and sanitizes input to a database? For example, if a value is being updated, and a malicious input is sent, does CI clean that? Or do I need to do it on my own?
#2

[eluser]Seppo[/eluser]
CI prevents SQL injection if you use ActiveRecord or query bindings. For XSS protection you can enable it globally or do it manually. Are you interested in some specific sanitization?
#3

[eluser]rdjs[/eluser]
If you set the following in your config.php file:

$config['global_xss_filtering'] = TRUE;

CI will run the XSS filter for all POST and COOKIE data.
#4

[eluser]Alexander Obenauer[/eluser]
Nothing specific, I need to make sure that no one can enter malicious data in my database for the deployment of an app on the internet.
#5

[eluser]Alexander Obenauer[/eluser]
By using query bindings or Active Record, a user could not input a "value; DROPTABLE..." and cause the database to follow commands thrown into the SQL prompts?
#6

[eluser]Pascal Kriete[/eluser]
That's correct. If you are constructing your own query you can call $this->db->escape() found here to get the same effect.
#7

[eluser]Alexander Obenauer[/eluser]
perfect. thanks!
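
The three approaches named in the thread (Active Record, query bindings, and `$this->db->escape()` for hand-built queries), shown side by side as an added example that is not code from any poster. It assumes CodeIgniter 2.x or later (`CI_Model`; on 1.x the base class is `Model`), the database library autoloaded, and a hypothetical `users` table with `id` and `email` columns.

```php
<?php
// Added example, not code from the thread. The model name, table name
// and column names are hypothetical.
class User_model extends CI_Model
{
    // Active Record: values passed to where()/update() are escaped by CI.
    public function set_email_active_record($id, $email)
    {
        $this->db->where('id', $id);
        return $this->db->update('users', array('email' => $email));
    }

    // Query bindings: each ? is replaced by the escaped value from the array,
    // in order, so the input never becomes part of the SQL text itself.
    public function set_email_bindings($id, $email)
    {
        $sql = 'UPDATE users SET email = ? WHERE id = ?';
        return $this->db->query($sql, array($email, $id));
    }

    // Hand-built query: every user-supplied value goes through escape(),
    // which also adds the surrounding quotes for string values.
    public function set_email_manual($id, $email)
    {
        $sql = 'UPDATE users SET email = ' . $this->db->escape($email)
             . ' WHERE id = ' . $this->db->escape($id);
        return $this->db->query($sql);
    }

    // Unsafe contrast, left commented out: the values are pasted into the
    // SQL string unescaped, so a quote in $email changes the statement.
    //   $this->db->query("UPDATE users SET email = '$email' WHERE id = $id");
}
```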



