I have a form with a bunch of fields. Sometimes users provide information and descriptions with single quotes in them.
I'm validating the data with jQuery and CI, the problem is that apparently ActiveRecord isn't escaping single quotes, leading to an error inserting/updating data.
Isn't ActiveRecord supposed to escape these characters automatically? If it doesn't, what is the usual way for handling single quotes in user input?
Example code of my model function that handles the insert:
public function setLicense($dataArray, $data_id = "")
{
    $iRows = 0; // Rows found.
    // Third argument TRUE returns the connection instead of assigning it to $this->db.
    $DB = $this->load->database('some_database', TRUE, TRUE);

    if (empty($dataArray))
        return FALSE;

    if (!empty($data_id))
    {
        $DB->where('idx', $data_id);
        $iRows = $DB->count_all_results('some_table');
    }
    else
    {
        // No id passed in: fall back to the idx carried in the data itself,
        // and keep it so the update branch below uses the same key.
        if (isset($dataArray['idx']))
        {
            $data_id = $dataArray['idx'];
            $DB->where('idx', $data_id);
            $iRows = $DB->count_all_results('some_table');
        }
    }

    if (!$iRows)
        $DB->insert('some_table', $dataArray);
    else
    {
        $DB->where('idx', $data_id);
        $DB->update('some_table', $dataArray);
    }
    return TRUE;
}
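The failure the question describes, next to the usual fix, as an added example that is not part of the original question, the answers, or CodeIgniter's own code. It uses plain PDO against an in-memory SQLite database so it runs offline without CodeIgniter; the table name, column names and the sample values containing single quotes are made up for the demonstration. The first part builds the INSERT by string interpolation, which is exactly what reaches the database when a driver does not escape; the second part sends the values separately from the statement text with a prepared statement, so the quote in O'Brien never touches the SQL grammar.

```php
<?php
// Added example, not from the original post or from CodeIgniter.
// Demonstrates why an unescaped single quote breaks an interpolated INSERT
// and how a prepared statement avoids the problem entirely.

// Constructed sample input: what a user might submit through the form.
$dataArray = array(
    'idx'         => 42,
    'licensee'    => "O'Brien Ltd",
    'description' => "Site licence; covers 'dev' and 'prod'",
);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE some_table (idx INTEGER PRIMARY KEY, licensee TEXT, description TEXT)');

// 1. The failure mode: values pasted into the statement with no escaping.
//    The quote in O'Brien terminates the string literal early, so the rest
//    of the value is parsed as SQL: a syntax error here, an injection
//    vector when the attacker chooses the text.
function naiveInsertSql($table, array $data)
{
    $cols = implode(', ', array_keys($data));
    $vals = implode(', ', array_map(function ($v) { return "'" . $v . "'"; }, $data));
    return "INSERT INTO $table ($cols) VALUES ($vals)";
}

try {
    $pdo->exec(naiveInsertSql('some_table', $dataArray));
    echo "naive insert succeeded (unexpected)\n";
} catch (PDOException $e) {
    echo "naive insert failed: " . $e->getMessage() . "\n";
}

// 2. The fix: bind the values as parameters. Identifiers (table and column
//    names) cannot be bound, so they are checked against an allow-list
//    instead of being trusted from the request.
function safeUpsert(PDO $pdo, $table, array $data, array $allowedColumns)
{
    if (!isset($data['idx'])) {
        throw new InvalidArgumentException('idx is required');
    }
    foreach (array_keys($data) as $col) {
        if (!in_array($col, $allowedColumns, true)) {
            throw new InvalidArgumentException("column not allowed: $col");
        }
    }

    $cols = array_keys($data);
    $params = array();
    foreach ($data as $c => $v) {
        $params[':' . $c] = $v;  // every placeholder below is fed from here
    }

    $exists = $pdo->prepare("SELECT COUNT(*) FROM $table WHERE idx = :idx");
    $exists->execute(array(':idx' => $data['idx']));

    if ((int) $exists->fetchColumn() === 0) {
        $placeholders = array_map(function ($c) { return ':' . $c; }, $cols);
        $sql = "INSERT INTO $table (" . implode(', ', $cols) . ') VALUES ('
             . implode(', ', $placeholders) . ')';
    } else {
        $sets = array();
        foreach ($cols as $c) {
            if ($c !== 'idx') {
                $sets[] = "$c = :$c";
            }
        }
        $sql = "UPDATE $table SET " . implode(', ', $sets) . ' WHERE idx = :idx';
    }

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

$allowed = array('idx', 'licensee', 'description');
safeUpsert($pdo, 'some_table', $dataArray, $allowed);   // first call inserts
$dataArray['licensee'] = "O'Brien & Sons Ltd";
safeUpsert($pdo, 'some_table', $dataArray, $allowed);   // second call updates

$row = $pdo->query('SELECT licensee, description FROM some_table WHERE idx = 42')
           ->fetch(PDO::FETCH_ASSOC);
echo "stored licensee:    " . $row['licensee'] . "\n";
echo "stored description: " . $row['description'] . "\n";
```

Running it prints the syntax error from the interpolated INSERT, then the two stored values with their quotes intact. Note that in CodeIgniter the ActiveRecord insert()/update() helpers and the `?` query bindings both pass values through the active driver's escape_str(), so switching from ActiveRecord to bindings does not help when the driver itself is what leaves the quotes alone; the durable fix is to let the database bind the values, as above, or to use a driver that does escape.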
It appears that the behaviour you're describing is intentional when connecting with the ODBC db driver. Here is a quote from this Ellislab forum discussion: