Pavan Kumar

Reputation: 406

Codeigniter allowing single quote in insert query

Hello, I have read that "Codeigniter update and insert function values are escaped automatically producing safer queries."

But I tried to insert data with a single quote in my contactUs form, and I noticed that the single quote is added to my database.

Here is my code

Controller:

    $data = array(
        'name'    => $this->input->post('name'),
        'EmailId' => $this->input->post('emailid')
    );

    $this->mymodel->insert_data('mytable', $data); // Sending data to the model

Model

    public function insert_data($table, $data)
    {
        $this->db->insert($table, $data);
        return 'success.';
    }

Any suggestions?

Thanks in advance

Upvotes: 0

Views: 2369

Answers (1)

user399666

Reputation: 19879

Single quotes aren't an issue if they have been properly escaped beforehand or if they have been inserted into the table using a prepared statement. Stripping out such characters completely could violate data integrity.

Upvotes: 1
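An added example, not part of the original answer and not CodeIgniter's own code: it shows why the quote still appears in the table after a safe insert. PDO with an in-memory SQLite database stands in for the asker's connection (an assumption so it runs offline); the table and column names come from the question, and the sample values are constructed.

```php
<?php
// Added illustration. PDO + in-memory SQLite are an assumed stand-in for
// the CodeIgniter database connection used in the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mytable (name TEXT, EmailId TEXT, via TEXT)');

// Constructed sample form values containing single quotes.
$samples = [
    ["O'Brien", 'obrien@example.com'],
    ["D'Angelo 'Dee' Smith", 'dee@example.com'],
];

// Path 1: escaping. The quote is doubled only inside the SQL text so the
// parser reads it as data; the database then stores the original character.
foreach ($samples as [$name, $email]) {
    $literal = $pdo->quote($name);
    echo 'SQL literal sent: ', $literal, PHP_EOL;
    $pdo->exec(
        'INSERT INTO mytable (name, EmailId, via) VALUES ('
        . $literal . ', ' . $pdo->quote($email) . ", 'escaped')"
    );
}

// Path 2: prepared statement. The value is bound to a placeholder and is
// never concatenated into the SQL string at all.
$insert = $pdo->prepare(
    "INSERT INTO mytable (name, EmailId, via) VALUES (:name, :email, 'bound')"
);
foreach ($samples as [$name, $email]) {
    $insert->execute([':name' => $name, ':email' => $email]);
}

// Read back: both paths store the submitted value unchanged, quote included.
$rows = $pdo->query('SELECT name, via FROM mytable ORDER BY rowid')
            ->fetchAll(PDO::FETCH_NUM);
$expected = array_merge(array_column($samples, 0), array_column($samples, 0));
foreach ($rows as $i => [$stored, $via]) {
    $same = ($stored === $expected[$i]) ? 'yes' : 'no';
    echo "{$via}: stored [{$stored}] identical to input: {$same}", PHP_EOL;
}
```

Seeing the quote in the stored row is the expected result of correct escaping or binding; the doubled quote exists only in the SQL text, not in the data.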
