escape question

I know it's good practice to use the escape function


I know it adds single quotes around the string, but I want the single quotes removed. Is there a function that strips the slashes and removes the single quotes? What's the best way to prep it for display?

See the query bindings section from http://ellislab.com/codeigniter/user-gui...eries.html

The idea is to not build queries by hand like:
$query = 'select * from something where id = ' . $id . ' limit ' . $from . ', ' . $to;
just simply use
$query = 'select * from something where id = ? limit ?, ?';
and let the framework do the job for you.

If you use Active Record, most of the methods will automatically escape your data!


@dadamssg87 - I recently came across the same thing. You want to use:


$sql = "SELECT id FROM table WHERE column LIKE '%".$this->db->escape_like_str($search)."%'";

It's found in the Escaping Queries section, option 3.


@InsiteFX - Sometimes I find Active Record to be more cumbersome than it's worth. I use both methods where it makes sense. :)
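
An added example, not part of any post in this thread: it shows that a bound value is stored without extra quotes or slashes, that `%` and `_` in a LIKE term still need escaping, and that display is handled by HTML encoding. It assumes PDO with in-memory SQLite in place of CodeIgniter's `$this->db` so it runs stand-alone; the `notes` table, its rows, and the helpers `escape_like()`, `search()` and `show()` are hypothetical.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for CodeIgniter's $this->db.
// Table, rows and helper names are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// 1. Bound parameters: the value travels separately from the SQL text, so it
//    is stored exactly as typed, with no quotes or slashes to strip later.
$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (?)');
$rows = ["O'Reilly's <b>50%</b> discount", '50 percent off',
         'plain_text note', 'plainXtext note'];
foreach ($rows as $body) {
    $insert->execute([$body]);
}

// 2. LIKE searches: binding keeps the term out of the SQL text, but % and _
//    inside the term are still wildcards. Escape them (the job a helper such
//    as escape_like_str() exists for) and declare the escape character.
function escape_like(string $term, string $esc = '!'): string
{
    // The escape character itself is doubled first, then the wildcards.
    return str_replace([$esc, '%', '_'],
                       [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

function search(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare("SELECT body FROM notes WHERE body LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . escape_like($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 3. Display: nothing from the SQL step needs undoing; encode for HTML instead.
function show(array $rows): void
{
    foreach ($rows as $row) {
        echo htmlspecialchars($row, ENT_QUOTES, 'UTF-8'), PHP_EOL;
    }
}

show(search($pdo, "O'Reilly"));   // a quote in the term is just data when bound
show(search($pdo, '50%'));        // "%" is matched literally, not as a wildcard
show(search($pdo, 'plain_text')); // "_" is matched literally, not as any character
```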
