kishan
Reputation: 301
Where should I use escape function in the following code?
How should I use the escape function in the following code?
public function Add_video()
{
$Game_type = $_POST['Game'];
$Video_type = $_POST['video_type'];
$Url = $_POST['url'];
$Url = mysql_escape_string($Url); // Video url
$Data = array(
'Game_type' => $Game_type,
'Video_type' => $Video_type,
'Video_url' => $Url
);
$this->db->insert('videos', $Data);
}
Upvotes: 0
Views: 55
Answers (1)
Kyslik
Reputation: 8385
for any post or get request please do use Codeigniter's native functions
see following code
public function Add_video()
{
$Game_type = $this->input->post('Game');
$Video_type = $this->input->post('video_type');
$Url = $this->input->post('url');
//$Url = mysql_escape_string($Url); // Video url
$data = array(
'Game_type' => $Game_type,
'Video_type' => $Video_type,
'Video_url' => $Url
);
$this->db->insert('videos', $data);
}
or simply create your array right away:
$data = array(
'Game_type' => $this->input->post('Game'),
'Video_type' => $this->input->post('video_type'),
'Video_url' => $this->input->post('url'),
);
I recommend you to not use capitalization on first letter eg.: "game" instead of "Game"
Upvotes: 1
Related Questions
- How does Codeigniter handle escaping output?
- when should I escape the sql query
- Proper way to escape and display strings in forms using CodeIgniter
- Codeigniter DB escape and like
- Escape DB results using html_escape()
- codeigniter escaping queries
- Codeigniter Escaping Data
- Do I need to escape this?
- displaying escaped data [codeigniter]
- Using Codeigniter Escape function