Escaping in CodeIgniter..

I had a question. Does CodeIgniter automatically run a function like mysql_real_escape_string either when it runs, or with the XSS clean function?

I don't think there's one that runs on all queries by default per se, but there are a number of methods in the database class which help. For instance, there's:
and query bindings (which automatically get escaped):
$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
$this->db->query($sql, array(3, 'live', 'Rick'));
But, definitely if you use the active record class everything is escaped for you:
// get() needs a table: name it with from() before joining
$this->db->from('blogs');
$this->db->join('comments', 'comments.id = blogs.id');
$query = $this->db->get();

I know that, but I was just curious as to whether or not there was an auto one or if it was done in the XSS filter.

Michael Wales
If you use the Active Record class - your queries will be escaped properly (for MySQL).
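
An added example (not from the thread and not CodeIgniter's own code) showing why an HTML-oriented filter is no substitute for the query bindings discussed above. It assumes PHP with the pdo_sqlite extension: PDO stands in for `$this->db`, `strip_tags()` stands in for an HTML/XSS filter (it is not CodeIgniter's XSS clean function), and the table rows and input are constructed.

```php
<?php
// Added example. PDO + in-memory SQLite is a stand-in for CodeIgniter's
// $this->db; the table, rows and input are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE some_table (id INTEGER, status TEXT, author TEXT)");
$ins = $pdo->prepare("INSERT INTO some_table VALUES (?, ?, ?)");
$ins->execute(array(1, 'live', "O'Brien"));
$ins->execute(array(2, 'live', 'Rick'));

// Constructed user input: an ordinary name that contains a quote and markup.
$input = "<b>O'Brien</b>";

// An HTML-oriented filter removes the tags but leaves the quote untouched,
// because a quote is not dangerous in the HTML context it was written for.
$filtered = strip_tags($input);

// 1) Filtered value concatenated into the SQL text. The quote inside the
//    value ends the string literal early, so the input changes the shape
//    of the statement and the database rejects it.
$concatenated = "SELECT id FROM some_table WHERE status = 'live' AND author = '"
              . $filtered . "'";
try {
    $pdo->query($concatenated);
    echo "concatenated: query ran\n";
} catch (PDOException $e) {
    echo "concatenated: statement broken by input (" . $e->getMessage() . ")\n";
}

// 2) Same value sent as a bound parameter, the PDO counterpart of
//    $this->db->query($sql, array(...)). The SQL text is fixed and the
//    value travels separately, so the quote is only data.
$stmt = $pdo->prepare("SELECT id FROM some_table WHERE status = ? AND author = ?");
$stmt->execute(array('live', $filtered));
$ids = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo "bound: matched " . count($ids) . " row(s)\n";
```

Output filtering and SQL parameter handling protect different contexts, so both are needed: bind values going into queries, and encode values going into HTML.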
