Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Escaping Insert data in Queries
Escaping Insert data in Queries
  • El Forum
    Guest
  •  
#1
07-26-2013, 12:13 AM

[eluser]Unknown[/eluser]
Hello everybody,

that's my first post Smile.
First of all I'd like to thank EllisLab for such a great work: CodeIgniter is exactly what I've been searching for. One of the main reasons why I decided to use ist, is the fact that I'm not forced to use a command-line-tool (which is needed in most other frameworks such as Symfony2).
So thank you guys - what you have built is awesome!

Then my question:
Is it necessary to escape the Insert-Values in Active-Record Queries?

For Example:
Code:
$data = array("field1"=>$value1); //or array("field1"=>mysql_real_escape($value1)) instead?
$this->db->insert('mytable', $data);

Is the statement beeing "prepared" in the background?

Thanks for replies.

Kind Regards,

Mike
  • El Forum
    Guest
  •  
#2
07-26-2013, 12:22 AM

[eluser]noideawhattotypehere[/eluser]
CI escapes it automatically
  • El Forum
    Guest
  •  
#3
07-26-2013, 12:24 AM

[eluser]stuartr[/eluser]
Active record inserts are automatically escaped.
  • El Forum
    Guest
  •  
#4
07-26-2013, 02:19 AM

[eluser]Unknown[/eluser]
Okay - thank you for that fast response.

Post closed Smile




Theme © iAndrew 2016 - Forum software by © MyBB