Codeigniter MySQL security, htmlspecialcharacters & mysql_real_escape_string?

Question

I've been reading a lot about database security and using htmlspecialcharacters() and mysql_real_escape_string.

Is this necessary to use these functions with codeigniter or does it handle this automatically? e.g.

$this->db->select('*', FALSE);
$this->db->where('published', 'yes');
$query = $this->db->get('my_table');
$results = $query->result_array()

possible duplicate of [Does Code Igniter automatically prevent SQL injection?](http://stackoverflow.com/questions/1615792/does-code-igniter-automatically-prevent-sql-injection) — Shankar Narayana Damodaran, Apr 05 '14 at 02:17
From the docs: "the values are escaped automatically by the system." http://ellislab.com/codeigniter/user-guide/database/active_record.html — crunch, Apr 05 '14 at 02:19

score 1 · Accepted Answer · answered Apr 05 '14 at 03:34

1

You don't have to worry about escaping your text as long as you use active records.

answered Apr 05 '14 at 03:34

CMPS

1 Answers1