Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion If a variable passes true after checking is_numeric, do I still need to escape before adding to my database?
If a variable passes true after checking is_numeric, do I still need to escape before adding to my database?
  • El Forum
    Guest
  •  
#1
09-01-2009, 10:12 AM

[eluser]rvillalon[/eluser]
If a variable passes true after checking is_numeric, do I still need to escape before adding to my database?
  • El Forum
    Guest
  •  
#2
09-01-2009, 10:20 AM

[eluser]rvillalon[/eluser]
Sorry everyone, I just answered my own question. I'm actually using Active Record, and from the manual, it say:

"Beyond simplicity, .. it also allows for safer queries, since the values are escaped automatically by the system."
  • El Forum
    Guest
  •  
#3
09-01-2009, 10:21 AM

[eluser]pistolPete[/eluser]
Do you use active record or query binding?
Both automatically escape the values.
  • El Forum
    Guest
  •  
#4
09-01-2009, 11:27 AM

[eluser]renownedmedia[/eluser]
With non CI PHP, I would say don't bother escaping if it passes is_numeric(), since you'd really just be wasting CPU cycles.
  • El Forum
    Guest
  •  
#5
09-01-2009, 11:28 AM

[eluser]rvillalon[/eluser]
Thanks Thomas,

That really helps!




Theme © iAndrew 2016 - Forum software by © MyBB