Escaping data – for a database

It's never a good idea to trust any information or data that comes from the user; you should always consider user-supplied data to be untrustworthy and potentially dangerous. You are strongly advised to escape any data coming in from the user, and never to trust it until it has passed through the various processes that should make it safe enough to work with. One of these techniques is escaping data. This recipe demonstrates the escaping of variables in a database query.

Getting ready

First, we'll need to create a database table. For this example, let's assume the database table is named escape. Enter the following SQL into your database:

CREATE TABLE `escape` ( `id` INT NOT ...
