Home/ Questions/Q 1005327
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T08:16:39+00:00

I allow users to submit a question, and they should be able to have

  • 0

I allow users to submit a question, and they should be able to have single quotes in their title.
Currently, if a title contains a single quote, it will submit properly.
$question->values($post_data); $question->save();

Any ideas on how I can set Kohana to escape that single quote / escape my information automatically? I would like to avoid having to addslashes() every input and removeslashes() every display…

Thank you so much, SO community!
(This question is crossposted at http://forum.kohanaframework.org/comments.php?DiscussionID=6525)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Actually, you should never use addslashes() to escape DB values at all. Especially not in Kohana, since values are “escaped” while being saved ( example you’re giving is ORM one, you can always mess up a custom DB query to get a MySQL injection / broken query ).

    If you don’t want something to get escaped, wrap it in DB::expr() ( so it’ll return an instance of Database_Expression, which doesn’t get automatically escaped ).

    To escape a value manually, use Database::quote() (not static, call it through your Database object, e.g. $db->quote($value) ).

    • 0