developarvin
Reputation: 5087
Codeigniter - Automatically escape SQL queries
Before anything else, I know that Active Record automatically escapes all queries by it and that there is a method for manually escaping SQL.
$this->db->escape()
The problem is that I am using raw sql queries sometimes
$sql = "...."
$this->db->query($sql);
but I don't want to manually call the CI escape function each time I do it.
Is there a way to make CI automatically escape all queries passed to it? A config that can be set maybe?
Upvotes: 1
Views: 1980
Answers (1)
Eric T
Reputation: 1026
Referring to here http://codeigniter.com/user_guide/database/queries.html
You may consider using the Query Bind which is at the bottom of the url. Try to practice binding queries it is faster and cleaner way of doing.
Bind Queries Example:
$sql = "SELECT * FROM some_table WHERE id = ? AND price = ?";
$this->db->query($sql, array(3, 100));
Note** with binding method it is always automatically escape.
Upvotes: 2
Related Questions
- CodeIgniter Query Escaping Quotes
- when should I escape the sql query
- Codeigniter escape - unescape data from database
- Prevent SQL Injection in CodeIgniter
- codeigniter escaping queries
- Escaping SQL queries in Codeigniter
- Prevent SQL injections in codeigniter
- CodeIgniter - escaping SQL
- SQL query escaping + codeigniter
- Escaping mysql without single quotes?