Welcome Guest, Not a member yet? Register   Sign In
Database escape problem

Hi all
I am just a beginner and i have just started using CI again

Dealing with the databases I run into a problem.

            $username = $this->db->escape($username);
            $password = $this->db->escape($password);
            $email = $this->db->escape($email);
            $hirlevel = $this->db->escape($hirlevel);
            $password = dohash($password);
            $query="INSERT INTO users(username,pass,join_date,email,hirlevel)  VALUES('$username','$password',now(),'$email','$hirlevel')";

If I run this code CI give me this error:
Quote:An Error Was Encountered

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'dasd'','7ab515d12bd2cf431745511ac4ee13fed15ab578',now(),'[email protected]','1')' at line 1

INSERT INTO users(username,pass,join_date,email,hirlevel) VALUES(''dasd'','7ab515d12bd2cf431745511ac4ee13fed15ab578',now(),'[email protected]','1')

But if I comment out the escape commands everthing works fine.
What am I doing wrong?

[eluser]Derek Jones[/eluser]
escape() already adds quotes for you intelligently based on the variable type. So you're ending up with double single quotes:


Don't use quotes around your variables that you are escape()ing. Alternatively, use $this->db->escape_str() which just escapes the data and doesn't add quotes.

User Guide Reference

Or you can use Active Record's insert() method to handle it all for you:

$data['username'] = $this->input->post('username');

$this->db->insert('users', $data)

Theme © iAndrew 2016 - Forum software by © MyBB