security question
#1

dadamssg87
I'd love for someone to explain how they sanitize their POSTS to store into their databases. I'm using the xss_clean function in my form validation, but I don't think that covers SQL injections. Is there a CodeIgniter function that sanitizes POST data for SQL injection?
#2

pickupman
If you are using ActiveRecord syntax ($this->db->update/insert) along with xss_clean, you are doing it correctly. The ActiveRecord syntax automatically escapes SQL queries unless you have explicitly set it not to. Also, using $this->db->set('field_name', $field_name) will protect the fields as well.
Code:
foreach($_POST as $key => $val){
  $this->db->set($key, $val);
}
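
Added example, not part of the thread and not CodeIgniter code: the loop above takes column names from the request's keys, so this sketch keeps only allow-listed fields and binds the values as parameters. It uses PDO with an in-memory SQLite database so it runs without the framework; the `users` table, its columns and `build_insert()` are hypothetical names, and the `$post` array is constructed sample input.

```php
<?php
// Build a parameterized INSERT from request data, keeping only permitted fields.
function build_insert(array $post, array $allowed)
{
    // Drop every key that is not on the allow-list (e.g. an unexpected is_admin).
    $data = array_intersect_key($post, array_flip($allowed));
    if (count($data) === 0) {
        throw new InvalidArgumentException('no permitted fields in input');
    }
    $columns = array_keys($data);
    $marks   = implode(', ', array_fill(0, count($columns), '?'));
    // Column names can only be strings from $allowed; values travel separately
    // as bound parameters and never become part of the SQL text.
    $sql = 'INSERT INTO users (' . implode(', ', $columns) . ') VALUES (' . $marks . ')';
    return array($sql, array_values($data));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT,
    email TEXT,
    is_admin INTEGER DEFAULT 0
)');

// Constructed stand-in for $_POST: quote characters in the values and one
// field the form never offered.
$post = array(
    'username' => "o'brien",
    'email'    => "x@example.com'); DROP TABLE users; --",
    'is_admin' => '1',
);

list($sql, $params) = build_insert($post, array('username', 'email'));
$pdo->prepare($sql)->execute($params);

// The values are stored as literal text, the table still exists, and
// is_admin keeps its default because that key was filtered out.
$row = $pdo->query('SELECT username, email, is_admin FROM users')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($sql, $row);
```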



