vikram

Reputation: 189

How to escape all array elements from special characters while sending to mysql database

I am sending an array which has been passed from View to Controller(ajax-json). In the controller, I am collecting all of them in array like this:

$to_update = array(
    'Name'          => $Name,
    'qualification' => $qualification,
    'percentage'    => $percentage,
);

And I will be sending this to Model for inserting in to database, and the call is like

$result  = $this->MODEL_NAME->FUNC_NAME($to_update);

And in the Model, they are inserted like:

$this->db->insert('table_name', $to_update);

Now I have to make sure that SQL INJECTION will be handled properly and no harm takes place when any special characters are entered by the user. So I have to give ESCAPE functionality to the array. I have very huge arrays like the above with hundreds of elements.

While saving it saves the special characters, but while fetching there will be a problem and data will be lost. So where do I have to take care of escaping, and how? Any suggestions please.

Upvotes: 0

Views: 923

Answers (1)

Saty

Reputation: 22532

All of ActiveRecord's query-building methods like where, group, order, insert, update and so on are safe against SQL injection AS LONG AS you do not pass them raw SQL strings.

CodeIgniter will recognize what type of data your variable is, and wrap it accordingly. That is, if it's a string, it will put ' and ' around the escaped value in the SQL, which is what you need to ensure that users can't inject anything malicious.

CodeIgniter is strip-slashing the quotes and vulnerable scripts when using active records rather than running direct SQL queries. So no worries for using Active Records.

Upvotes: 3
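As an added example (not code from the question, the answer or the CodeIgniter project), here is a CodeIgniter 3 model method that takes the decoded JSON array, keeps only a whitelist of column names so that client-controlled keys cannot pick which columns are written, and passes the values unescaped to `$this->db->insert()`, which quotes and escapes each one itself. The model name, table name, column list and the sample input are assumptions for illustration.

```php
<?php
// Added example (hypothetical model), not from the question or answer.
// Assumes CodeIgniter 3 with the database library loaded and a table
// `candidates` having the columns Name, qualification and percentage.
class Candidate_model extends CI_Model
{
    // Only these keys may reach the INSERT. Keys the client adds on its own
    // (the JSON payload is client-controlled) are dropped, not written.
    private $allowed = array('Name', 'qualification', 'percentage');

    public function save(array $to_update)
    {
        // Keep whitelisted columns only. Do NOT escape the values here:
        // insert() escapes and quotes every value itself, and escaping twice
        // stores literal backslashes, which is the "data lost on fetch"
        // symptom described in the question.
        $row = array_intersect_key($to_update, array_flip($this->allowed));

        if (empty($row)) {
            return FALSE;
        }

        // Query Builder wraps each string value in quotes and escapes the
        // characters that would otherwise terminate the literal.
        $ok = $this->db->insert('candidates', $row);

        // Useful while developing: log the statement that was actually sent.
        log_message('debug', $this->db->last_query());

        return $ok ? $this->db->insert_id() : FALSE;
    }
}

// Constructed input with special characters, shaped like the array the
// controller builds from the AJAX/JSON request:
// $to_update = array(
//     'Name'          => "O'Brien \\ \"Jr\"",   // quote, backslash, double quote
//     'qualification' => 'B.Sc. (Hons)',
//     'percentage'    => '87.5',
//     'is_admin'      => 1,   // not in the whitelist, silently dropped
// );
// $id = $this->Candidate_model->save($to_update);
```

With hundreds of fields, the whitelist array is the only part that grows; the escaping still happens once, inside `insert()`, for every value.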
