If a variable passes true after checking is_numeric, do I still need to escape before adding to my database?

#1
[eluser]rvillalon[/eluser]
If a variable passes true after checking is_numeric, do I still need to escape before adding to my database?

#2
[eluser]rvillalon[/eluser]
Sorry everyone, I just answered my own question. I'm actually using Active Record, and from the manual, it says:

"Beyond simplicity, .. it also allows for safer queries, since the values are escaped automatically by the system."

#3
[eluser]pistolPete[/eluser]
Do you use active record or query binding?
Both automatically escape the values.

#4
[eluser]renownedmedia[/eluser]
With non CI PHP, I would say don't bother escaping if it passes is_numeric(), since you'd really just be wasting CPU cycles.

#5
[eluser]rvillalon[/eluser]
Thanks Thomas,

That really helps!
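
An added example, not part of the thread and not CodeIgniter's own code: it compares what `is_numeric()` accepts with a strict integer check, and stores only the strictly validated values through a bound parameter, as query binding does. It assumes plain PDO with an in-memory SQLite database; the table `items`, the helper `to_int_or_null()` and the sample inputs are constructed for illustration.

```php
<?php
// Added example; table name, helper name and sample inputs are constructed.
// Assumes the pdo_sqlite extension is available.

// Strict check: accept only a base-10 integer in range, otherwise null.
function to_int_or_null(string $raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT);
    return $v === false ? null : $v;
}

// Constructed inputs: several pass is_numeric() without being plain integers.
$samples = ['42', ' 42', '+7', '4.2', '1e3', '42abc', '1 OR 1=1'];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, qty INTEGER NOT NULL)');

// The value is bound as a parameter, never concatenated into the SQL text.
$stmt = $pdo->prepare('INSERT INTO items (qty) VALUES (:qty)');

foreach ($samples as $raw) {
    $numeric = is_numeric($raw);      // loose: floats, exponents, signs pass
    $int     = to_int_or_null($raw);  // strict: integers only

    printf(
        "%-12s is_numeric=%-5s strict_int=%s\n",
        var_export($raw, true),
        var_export($numeric, true),
        var_export($int, true)
    );

    if ($int !== null) {
        $stmt->bindValue(':qty', $int, PDO::PARAM_INT);
        $stmt->execute();
    }
}

$count = $pdo->query('SELECT COUNT(*) FROM items')->fetchColumn();
echo "rows stored: {$count}\n";
```

Validation decides whether the value is the kind of number the column expects; the bound parameter keeps it out of the SQL text regardless of what validation let through.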

