php - How to escape all array elements from special characters while sending to mysql database -
i sending array has been passed view controller(ajax-json). in controller, collecting of them in array this:
$to_update = array( 'name' =>$name, 'qualification' =>$qualification, 'percentage' =>$percentage, );
and sending model inserting in database, , call like
$result = $this->model_name->func_name($to_update);
and in model, insered like,
$this->db->insert('table_name', $to_update);
now have make sure sql injection handled , no harm takes place when special charecters entered user. have give escape functionality array. have huge arrays above hundreds of elements.
while saving saves special charecter, while fetching, there problem , data lost. have take care of escaping, , how suggestions please.
all of activerecord's query-building methods like ,where, group, order, insert, update , on,
safe against sql injection
long not pass them raw sql strings.
codeigniter recognize type of data variable is, , wrap accordingly. is, if it's string, put ' , ' around escaped value in sql, need ensure users can't inject malicious.
codeigniter strip slashing quotes , vulnerable scripts when using active records rather running direct sql queries.. no wories using active records
Comments
Post a Comment