Escape string in codeigniter

Question

Is there any function in codeigniter similar to

mysql_real_escape_string()

I have tried $this->db->escape() but no luck

below code works

$surname = mysql_real_escape_string($request['3']);  // O'relley-max

but other CI method not working any suggestion. I need to know what CI method escaping string for a variable

I know if you use validation rules xss_clean it workes but i don't want to apply rules

check this SO answer: http://stackoverflow.com/a/3358603/270037 — Kumar V, Mar 19 '14 at 05:34
i have checked and searched i want to know if there any similar function? — Rakesh Sharma, Mar 19 '14 at 05:38
No. It is not me. what are you getting for `$this->db->escape()`? — Kumar V, Mar 19 '14 at 05:40
@kumar_v WHERE a.a_lname = ".$this->db->escape($surname)." works but i need to escape variable there it's not working — Rakesh Sharma, Mar 19 '14 at 05:54
check $sql = "SELECT $selectField FROM applications a JOIN users u ON u.a_id = a.a_id WHERE a.a_lname = '$surname' AND a.a_dob = '$dob' AND a.a_add1_postcode = '$postcode' limit 0,1"; — Rakesh Sharma, Mar 19 '14 at 06:01

score 3 · Answer 1 · answered Mar 19 '14 at 06:54

3

You can add a parameter

$this->input->post('item',true)

To avoid any script and it add up extra security to the input value its avoids the xss scripting check the above link for proper documentation

answered Mar 19 '14 at 06:54

saurabh kamble

1 Answers1