Codeigniter MySQL security, htmlspecialcharacters & mysql_real_escape_string?

Question

I've been reading a lot about database security and using htmlspecialcharacters() and mysql_real_escape_string.

Is this necessary to use these functions with codeigniter or does it handle this automatically? e.g.

$this->db->select('*', FALSE);
$this->db->where('published', 'yes');
$query = $this->db->get('my_table');
$results = $query->result_array()

possible duplicate of Does Code Igniter automatically prevent SQL injection? — Shankar Narayana Damodaran
– Shankar Narayana Damodaran, Commented Apr 5, 2014 at 2:17
From the docs: "the values are escaped automatically by the system." ellislab.com/codeigniter/user-guide/database/active_record.html — crunch
– crunch, Commented Apr 5, 2014 at 2:19

CMPS · Accepted Answer · 2014-04-05 03:34:29Z

1

You don't have to worry about escaping your text as long as you use active records.

answered Apr 5, 2014 at 3:34

CMPS

7,7874 gold badges32 silver badges53 bronze badges

Sign up to request clarification or add additional context in comments.

1 Answer 1