Do I need to use add_slashes() or anything?

[eluser]php_princess[/eluser]
I always use $this->db->escape() on anything I put in the database (unless I'm using active record). It doesn't seem to put slashes in front of single quotes because I see stuff in the database with naked single quotes.

This is bad, right? I need to do something to make sure single quotes always have a back slash in front of them, yes?

[eluser]benton.snyder[/eluser]
$this->db->escape() alone is sufficient. The naked single quotes you see in databases are extraneous.

Escaping a value should not add anything to the record, but instead tell the database engine to treat the value as simple text and not attempt to process it.