• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
escape in active record not working for me

#1
[eluser]ghst[/eluser]
Hi.
Trying to use active record class to insert input data to db
and escaping not working, cant understand why:

sample code:

post value is x' AND email IS NULL; --


Code:
function something() {

  $variable = $this->input->post('web_url');

  $data = array(
    ...
    'weburl' => $variable,
    ...);

  $this->db->update('table', $data);
}

inserted result looks like:
x' AND email IS NULL; --

but if i use something like this
Code:
$variable = $this->db->escape_str($this->input->post('web_url'));

inserted data looks like it should x\' AND email IS NULL; --

Question is: Why escaping doesnt work automaticaly ?

P.s. sorry for my bad english

(c.i version 2.1.0)

.



Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.