About the model class |
[eluser]ted wong[/eluser]
First, I would like to know, If I use this method to insert a record in my db, like this: Code: $new_user = array( Then, I would like to know will the insert method do the escape special character or not? do I need to do it manually? If yes, is there any easy way to do escaping the data to avoid SQL injection. Further more, if it is not escaped, I will have some where to do sanitize data, where should I do? and where should I put? put this logic in the model or controller is more suitable? Also, any way to do sanitize in CodeIgniter? Thank you. (I did the form_validation, but some logic check , like the user cannot have same username, where should I put the logic? Thank you. )
[eluser]danmontgomery[/eluser]
If you're using active record, values are escaped... This is covered in the user guide. http://ellislab.com/codeigniter/user-gui...tml#insert Quote:Note: All values are escaped automatically producing safer queries. http://ellislab.com/codeigniter/user-gui...urity.html http://ellislab.com/codeigniter/user-gui...input.html Checking unique values should still be done in form_validation. http://ellislab.com/codeigniter/user-gui...#callbacks |
Welcome Guest, Not a member yet? Register Sign In |