CI escape_str or escape

If you use CodeIgniter's (CI) Active Record, all of the query values are already escaped, but what about a custom query? You should use escape_str or escape in the WHERE clause. So what is the difference between escape_str and escape, and which one should we use? Let's discuss it.

escape

Below is an example:


$this->db->query("SELECT name FROM user WHERE username = ". $this->db->escape($username) ."");

You can use "escape" to escape a string or an int.

escape_str

Below is an example:


$this->db->query("SELECT name FROM user WHERE username = '". $this->db->escape_str($username) ."'");

You can use "escape_str" to escape a string. It does not add the surrounding quotes, so the query has to supply them.

Normally the query would look like this:


$this->db->query("SELECT name FROM user WHERE username = '". $username ."'");

If you are using escape, there is no need to add quotes ('') around the value in your query, because escape adds them automatically.

Well, that's my brief explanation of the two. In common usage we should use escape, because it can handle both str and int.
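The quoting difference described above, as an added stand-alone example that is not part of the original post and is not CodeIgniter's own code. The FakeDb class, the sample value and the id, active and deleted_at columns are assumptions; the class imitates how escape chooses a literal from the PHP type, with quote doubling standing in for the database driver's real escaping routine.

```php
<?php
// Stand-in for CodeIgniter's DB driver (assumption, not the framework's code).
// A real driver hands the string to the database's own escaping routine;
// quote doubling is used here only so the script runs without a database.
class FakeDb
{
    // Like escape_str(): escapes the value but adds NO surrounding quotes.
    public function escape_str($str)
    {
        return str_replace("'", "''", $str);
    }

    // Like escape(): picks the SQL literal form from the PHP type.
    public function escape($value)
    {
        if (is_string($value)) {
            return "'" . $this->escape_str($value) . "'";
        }
        if (is_bool($value)) {
            return $value ? 1 : 0;
        }
        if ($value === null) {
            return 'NULL';
        }
        return $value; // int and float pass through unquoted
    }
}

$db = new FakeDb();
$username = "O'Reilly"; // constructed sample value containing a quote

// escape(): the quotes are supplied by the method.
echo "SELECT name FROM user WHERE username = " . $db->escape($username) . "\n";

// escape_str(): the query must supply the quotes itself.
echo "SELECT name FROM user WHERE username = '" . $db->escape_str($username) . "'\n";

// escape_str() with the quotes forgotten: the value is no longer a string literal.
echo "SELECT name FROM user WHERE username = " . $db->escape_str($username) . "\n";

// escape() with non-string types (hypothetical columns).
echo "SELECT name FROM user WHERE id = " . $db->escape(42) . "\n";
echo "SELECT name FROM user WHERE active = " . $db->escape(true) . "\n";
echo "SELECT name FROM user WHERE deleted_at IS " . $db->escape(null) . "\n";
```

The first two lines of output are the same query; the third shows why escape_str must always sit inside quotes that the query itself provides.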
