[eluser]Rick Jolly[/eluser]
[quote author="elitemedia" date="1191797365"]Hi,
I would like to know if inserting form-posted data into a MySQL database using the CI filters is enough, or should we use mysql_real_escape_string as well before?
I mean, is this enough to do so?
Code:
$data_to_insert = $this->input->post('myfield', TRUE);
[/quote]
Well, the XSS input cleaning and database escaping are two different things. For example, xss_clean won't escape single quotes. Anyway, if you're using CI Active Record or query bindings, then the database escaping is done for you.
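To make the distinction concrete, here is an added example (not code from the thread or from CodeIgniter itself) showing the same POST value reaching the database three ways. The controller name, the `members` table, the `myfield` column and the sample value `O'Brien` are all made up for illustration; the only CI calls used are `$this->input->post()`, `$this->db->query()` with bindings, the Active Record `where()`/`get()` pair and `$this->db->escape()`.

```php
<?php
// Added example, not from the original thread. Assumes a CodeIgniter 1.x
// controller with the database library already loaded. Table 'members' and
// column 'myfield' are hypothetical.
class Members extends Controller {

    function lookup()
    {
        // Second argument TRUE runs xss_clean(): it neutralises script/javascript
        // payloads but does NOT SQL-escape. A constructed input such as  O'Brien
        // comes back with its single quote intact.
        $value = $this->input->post('myfield', TRUE);

        // WRONG: string concatenation. The quote in O'Brien closes the literal early,
        // so the query breaks, and a crafted value can inject arbitrary SQL.
        // $this->db->query("SELECT * FROM members WHERE myfield = '" . $value . "'");

        // OK (1): query bindings. CI escapes each bound value and substitutes it for '?'.
        $q1 = $this->db->query("SELECT * FROM members WHERE myfield = ?", array($value));

        // OK (2): Active Record. Values passed to where() are escaped for you.
        $this->db->where('myfield', $value);
        $q2 = $this->db->get('members');

        // OK (3): hand-built SQL, but every value goes through $this->db->escape(),
        // which escapes the string AND wraps it in quotes.
        $sql = "SELECT * FROM members WHERE myfield = " . $this->db->escape($value);
        $q3 = $this->db->query($sql);

        // All three return the same rows; pick one style and use it consistently.
        return $q1->result();
    }
}
```

Note that none of these replace the XSS filter: escaping protects the SQL statement, while xss_clean (or htmlspecialchars on output) protects the page the value is later echoed into. Use both, each for its own job.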