Validation prep_for_form
[eluser]Aaron L.[/eluser]
Hello, I am trying to submit my form to a function which validates my form before inserting it into the DB. In this function, I am attempting to use prep_for_form (documentation). The problem is, when I fill in the form with something like "I'm", I still get an SQL error because the ' is there. Here is my code:

Code: $this->load->library('validation');

Do you know what's going on here? I'm stumped...

Aaron
[eluser]Christopher Blankenship[/eluser]
htmlspecialchars? For converting the single quote.

Quote: Any native PHP function that accepts one parameter can be used as a rule, like htmlspecialchars, trim, MD5, etc.

from: http://www.ellislab.com/codeigniter/user...ation.html
[eluser]coolfactor[/eluser]
I don't see where you're defining $subject and $message variables. Could that be part of the problem?
[eluser]Rick Jolly[/eluser]
It is the job of the database library to escape SQL. Either use Active Record or query bindings and the SQL will be escaped automatically.

Code: // query bindings
[eluser]Aaron L.[/eluser]
Thanks Rick! That is good to know. I've updated my code with an active record insert and it works fine. Thanks again!
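
Added example, not part of any post in this thread: a stand-alone PHP script illustrating the point in Rick Jolly's answer, that values passed as bound parameters cannot break the SQL statement. It uses PDO with an in-memory SQLite database rather than CodeIgniter's database library (an assumption made so the script runs on its own); the `messages` table and the input values are constructed.

```php
<?php
// Added example: constructed table and input, in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, subject TEXT, message TEXT)');

// Constructed form input containing the single quote from the question.
$subject = "I'm";
$message = "It's a test";

// 1. String concatenation: the quote inside the data closes the SQL string
//    literal early, so the statement no longer parses and the insert fails.
try {
    $pdo->exec("INSERT INTO messages (subject, message) VALUES ('$subject', '$message')");
    echo "concatenated insert: ok\n";
} catch (PDOException $e) {
    echo "concatenated insert failed: ", $e->getMessage(), "\n";
}

// 2. Bound parameters: the values are handed to the driver separately from
//    the SQL text, so a quote character in the data cannot alter the statement.
$stmt = $pdo->prepare('INSERT INTO messages (subject, message) VALUES (?, ?)');
$stmt->execute(array($subject, $message));

// The row holds the raw input, byte for byte; nothing was HTML-encoded
// or otherwise altered on the way into the database.
$row = $pdo->query('SELECT subject, message FROM messages')->fetch(PDO::FETCH_ASSOC);
var_dump($row['subject'] === $subject);

// 3. HTML encoding is a separate concern, applied when the value is
//    written into a page rather than before it is stored.
echo htmlspecialchars($row['subject'], ENT_QUOTES, 'UTF-8'), "\n";
```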