[eluser]Marcus Hodges[/eluser]
Hey. I'm building my first CI-driven app (also my first OOP or MVC or ActiveRecord app) so please bear with me.
When I make a simple insert statement, my values aren't getting escaped. For example:
Code:
$book = array(
    'isbn'      => $this->input->post('isbn'),
    'title'     => mysql_real_escape_string($this->input->post('title')),
    'date'      => $amazon->Items->Item->ItemAttributes->PublicationDate,
    'publisher' => mysql_real_escape_string($amazon->Items->Item->ItemAttributes->Publisher),
    'pages'     => $amazon->Items->Item->ItemAttributes->NumberOfPages,
    'review'    => mysql_real_escape_string($amazon->Items->Item->EditorialReviews->EditorialReview->Content),
    'image'     => mysql_real_escape_string($amazon->Items->Item->LargeImage->URL),
    'thumb'     => mysql_real_escape_string($amazon->Items->Item->SmallImage->URL),
    'filename'  => $file['file_name']
);
$this->db->insert('books', $book);
I feel like I shouldn't have to put all of those redundant mysql_real_escape_string() functions in there, but the query fails without them. I've tried a couple things which say they automatically escape the data, but they don't work for me. The two things I tried were:
Code:
$sql = $this->db->insert_string('books', $book);
$this->db->query($sql);
// And...
$this->db->set($book);
$this->db->insert('books');
Likewise, this get_where statement also fails without the function attached to it.
Code:
$query = $this->db->get_where('authors', array('author' => mysql_real_escape_string($author)));
What am I missing?