1

Before anything else, I know that Active Record automatically escapes all queries by it and that there is a method for manually escaping SQL.

$this->db->escape()

The problem is that I am using raw sql queries sometimes

$sql = "...."
$this->db->query($sql);

but I don't want to manually call the CI escape function each time I do it.

Is there a way to make CI automatically escape all queries passed to it? A config that can be set maybe?

Improve this question

1 Answer 1

Reset to default
2

Referring to here http://codeigniter.com/user_guide/database/queries.html

You may consider using the Query Bind which is at the bottom of the url. Try to practice binding queries it is faster and cleaner way of doing.

Bind Queries Example:

$sql = "SELECT * FROM some_table WHERE id = ? AND price = ?"; 

$this->db->query($sql, array(3, 100));

Note** with binding method it is always automatically escape.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.