2

I'm using `$this->db->escape` before inserting data in my db; however, when I query the db for that data, I'm having problems getting rid of the quotes.

I'm using `str_replace("'", "",$p->post_text);` but it removes all the single quotes, as expected. If `$p->post_text` is a string like "I'm not gonna work for mary's brother no more" it will remove those as well. I noticed that a backslash is added to single quotes that are in the string and not to the ones generated by PHP.

So I tried:

 $post_text = str_replace("'", "",$p->post_text);
 $post_text1 = stripslashes($post_text);

Still not working. I guess the slashes are stripped automatically.

Any help will be appreciated.

UPDATED ADDED INSERT QUERY:

 $data = array(
     'aluno_id'     => $myid,
     'post_text'    => $this->db->escape($text),
     'post_image'   => $this->db->escape($img),
     'youtube_link' => $this->db->escape($video_code),
     'media_top'    => $this->db->escape($media_top),
     'post_date'    => date('Y-m-d H:i:s'),
 );

 $this->db->insert('mutamba_posts',$data);
JasonMArcher
sunrisepoet
  • How is your insert command? – Jorge Campos Jan 09 '15 at 03:52
  • Wait, does CI make you escape stuff when you pass it like that? That seems messed up. I'd think it would do the escaping for you. – cHao Jan 09 '15 at 04:00
  • @cHao I usually just do `'post_text' => $text` but I read on [EllisLab](https://ellislab.com/codeigniter/user-guide/database/queries.html) that it's safer to escape it using `$this->db->escape`. – sunrisepoet Jan 09 '15 at 04:03
  • `query` and `insert` are two different things. `insert` apparently escapes for you. And you want the data escaped exactly once -- 0 times is unsafe, but 2 or more times gives you junked up data. – cHao Jan 09 '15 at 04:06
  • @cHao not sure I understand, you are saying I shouldn't use the `$this->db->escape` on inserting? – sunrisepoet Jan 09 '15 at 04:14
  • http://stackoverflow.com/questions/10968527/escaping-sql-queries-in-codeigniter – Jorge Campos Jan 09 '15 at 04:19
  • Right. `escape` is for when you're building queries by hand and such. See https://ellislab.com/codeigniter/user-guide/database/active_record.html#insert , particularly that red box at the end of the section. They're escaping the data you pass to `insert`, so you shouldn't be escaping it yourself. – cHao Jan 09 '15 at 04:20
  • @cHao I knew it! This page https://ellislab.com/codeigniter/user-guide/database/queries.html confused me a little. Thanks for your quick reply ;) – sunrisepoet Jan 09 '15 at 04:23
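
The "escape exactly once" rule from the comments above, as an added example that is not part of the original thread and is not CodeIgniter code. It assumes PDO with an in-memory SQLite database as a stand-in: `PDO::quote()` plays the role of `$this->db->escape()`, and a bound parameter plays the role of the escaping that `insert()` already performs; the function names and the `posts` table are hypothetical.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for CodeIgniter's DB layer:
// PDO::quote() ~ $this->db->escape(), a bound parameter ~ the escaping insert() does.
// SQLite doubles quotes ('') where MySQL adds a backslash (\'); the effect is the same.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, label TEXT, post_text TEXT)');

/** Insert through bound parameters: the driver escapes each value once. */
function insert_bound(PDO $pdo, string $label, string $value): void
{
    $stmt = $pdo->prepare('INSERT INTO posts (label, post_text) VALUES (?, ?)');
    $stmt->execute([$label, $value]);
}

/** Hand-built SQL: quoting by hand is required here, and it is the only escaping. */
function insert_by_hand(PDO $pdo, string $label, string $value): void
{
    $pdo->exec('INSERT INTO posts (label, post_text) VALUES ('
        . $pdo->quote($label) . ', ' . $pdo->quote($value) . ')');
}

// Sample string taken from the question.
$text = "I'm not gonna work for mary's brother no more";

insert_bound($pdo, 'raw value, bound', $text);               // escaped once
insert_by_hand($pdo, 'quoted, hand-built SQL', $text);       // escaped once
insert_bound($pdo, 'quoted AND bound', $pdo->quote($text));  // escaped twice

// Compare what comes back from the database with what went in.
foreach ($pdo->query('SELECT label, post_text FROM posts ORDER BY id') as $row) {
    $state = ($row['post_text'] === $text) ? 'intact ' : 'damaged';
    printf("%-24s %s  %s\n", $row['label'], $state, $row['post_text']);
}

// The str_replace() workaround cannot tell the added quotes from the
// author's own apostrophes, so it removes both.
$stored = $pdo->query(
    "SELECT post_text FROM posts WHERE label = 'quoted AND bound'"
)->fetchColumn();
echo str_replace("'", '', $stored), "\n";
```

Only the row that was quoted and then bound comes back with extra quote characters stored as data; the two rows escaped once round-trip unchanged.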

1 Answer

4

Although it's an old question, there is no solution, so I am adding this.

Try using

 $this->db->escape_str($YOUR_STRING);
Tanmay Majumder