Welcome Guest, Not a member yet? Register   Sign In
Preferred method to escape data using Active Record?
#1

[eluser]thatscriptguy[/eluser]
This issue here is that $this->db->escape places single quotes (') around values that you escape. Which means that Value gets turned into 'Value'

So, for example, if I say
Code:
$email=$this->db->escape($this->input->post('email'));

        $query = $this->db->get_where('members', array('email' => $email));

Instead of selecting records where `email`='email@address', it selects records where `email`="'email@address'"

I think I'm trying to mix two different things here, which is why I'm having difficulties.

So the question is this: What is the preferred method for escaping user data when working with Active Record or does AR escape data automatically?

Thanks,
Kevin
#2

[eluser]xwero[/eluser]
the ar library excapes the values by default




Theme © iAndrew 2016 - Forum software by © MyBB