Escaping in CodeIgniter..
#1

[eluser]Lovecannon[/eluser]
I had a question. Does CodeIgniter automatically run a function like mysql_real_escape_string either when it runs, or with the XSS clean function?
#2

[eluser]ejangi[/eluser]
I don't think there's one that runs on all queries by default per se, but there are a number of methods in the database class which help. For instance, there's:
Code:
$escaped = $this->db->escape($value); // returns the value quoted and escaped for the active database driver
and query bindings (which automatically get escaped):
Code:
$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
$this->db->query($sql, array(3, 'live', 'Rick'));
But, definitely if you use the active record class everything is escaped for you:
Code:
$this->db->select('*');
$this->db->from('blogs');
$this->db->join('comments', 'comments.id = blogs.id');
$query = $this->db->get();
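To make the contrast concrete, here is an added example (not from the thread) of one CodeIgniter model written four ways: raw string concatenation, which nothing in the framework rescues (xss_clean filters HTML/JavaScript for output and does not escape SQL), beside the three escaped forms described above. It assumes a CodeIgniter 2.x model and a table `blogs` with columns `id`, `status` and `author`.

```php
<?php
// Added example, not from the thread. Assumes a CodeIgniter 2.x model and a
// table `blogs` with columns id, status, author.
class Blog_model extends CI_Model {

    // UNSAFE: the raw value becomes part of the SQL text, so a value such as
    // "' OR '1'='1" changes what the query means. xss_clean() does not help
    // here; it targets HTML/JavaScript, not SQL syntax.
    public function by_author_unsafe($author)
    {
        $sql = "SELECT * FROM blogs WHERE author = '" . $author . "'";
        return $this->db->query($sql)->result();
    }

    // SAFE: query bindings. Each ? is replaced with the escaped, quoted value,
    // so the input is always treated as data, never as SQL.
    public function by_author_bound($author, $status = 'live')
    {
        $sql = "SELECT * FROM blogs WHERE author = ? AND status = ?";
        return $this->db->query($sql, array($author, $status))->result();
    }

    // SAFE: manual escape() when the string must be built by hand.
    // escape() adds the surrounding single quotes itself.
    public function by_author_escaped($author)
    {
        $sql = "SELECT * FROM blogs WHERE author = " . $this->db->escape($author);
        return $this->db->query($sql)->result();
    }

    // SAFE: Active Record escapes values (and protects identifiers) for you.
    public function by_author_ar($author)
    {
        $this->db->where('author', $author);
        $this->db->where('status', 'live');
        $query = $this->db->get('blogs');
        return $query->result();
    }
}
```

The three safe variants produce equivalent queries for any `$author`; only the first one lets user input alter the statement.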
#3

[eluser]Lovecannon[/eluser]
I know that, but I was just curious as to whether or not there was an auto one, or if it was done in the XSS filter.
#4

[eluser]Michael Wales[/eluser]
If you use the Active Record class, your queries will be escaped properly (for MySQL).