What does query builder actually escape?

I'm looking for reliable answers to the following scenario regarding whether or not the data is escaped by query builder:

```php
$this->db->select($evilInput); // pretty sure it is
$this->db->where($evilInput2, "abc"); // I know abc is
$query = $this->db->get($evilInput3);
$count = $query->num_rows();
```

In which of the above scenarios does `$evilInput` need to be escaped manually? The docs are a little iffy on these types of examples.

I know `set()` escapes as well as `$this->db->get('tablename', $escape_this_array);`

For a quick check you can print out the latest query and see how it handles keys and data:

```php
echo $this->db->last_query();
```


...or you could consider Query bindings ( https://codeigniter.com/user_guide/datab...y-bindings ).
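Column and table names cannot be supplied as bound values, so one defensive pattern for the three inputs in the question is to validate them against a fixed allow-list before they reach `select()`, the `where()` key, or `get()`. The following is an added example, not code from the thread or from CodeIgniter; the table and column lists and the helper names `safe_table`, `safe_columns` and `count_matching` are hypothetical.

```php
<?php
// Added example: hypothetical allow-lists; replace with your own schema.
const ALLOWED_COLUMNS = [
    'users'  => ['id', 'name', 'email'],
    'orders' => ['id', 'user_id', 'total'],
];

// Return the table name only if it is a known table.
function safe_table($input): string
{
    if (!is_string($input) || !array_key_exists($input, ALLOWED_COLUMNS)) {
        throw new InvalidArgumentException('Unknown table');
    }
    return $input;
}

// Return the column names only if every one is known for $table.
function safe_columns(string $table, array $inputs): array
{
    $known = ALLOWED_COLUMNS[$table] ?? [];
    foreach ($inputs as $col) {
        if (!is_string($col) || !in_array($col, $known, true)) {
            throw new InvalidArgumentException('Unknown column');
        }
    }
    if ($inputs === []) {
        throw new InvalidArgumentException('No columns given');
    }
    return array_values($inputs);
}

// Intended for use inside a CodeIgniter model, with $db being $this->db.
function count_matching($db, $table, array $cols, $whereCol, $value): int
{
    $table      = safe_table($table);
    $cols       = safe_columns($table, $cols);
    [$whereCol] = safe_columns($table, [$whereCol]);

    $db->select(implode(', ', $cols)); // identifiers validated above
    $db->where($whereCol, $value);     // key validated; value handled by the builder
    return $db->get($table)->num_rows();
}

// Constructed inputs; this part runs without the framework.
foreach (['name', 'name, (SELECT 1)'] as $candidate) {
    try {
        safe_columns('users', [$candidate]);
        echo "accepted: $candidate\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $candidate\n";
    }
}
```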
