I am currently updating a section of code that uses mysql currently the escape string is structured like this: $product_name = mysql_real_escape_string(trim($_POST['product_name'])); and works fine.
My issue is when I change the above string to $product_name = mysqli_real_escape_string($database, (trim($_POST['product_name']))); and declare the following: $database = $this->load->database(); above it I get the error that its NULL
How do I escape a string with CI?
CodeIgniter user manual wrote the following.
Beyond simplicity, a major benefit to using the Active Record features is that it allows you >to create database independent applications, since the query syntax is generated by each >database adapter. It also allows for safer queries, since the values are escaped >automatically by the system.
You can use Input class in your controller.
$this->load->model('mymodel');
$something = $this->input->post('something');
$results = $this->mymodel->mymethod($something);
In your model
$this->db->insert('mytable', $data);
You use
$this->db->query("select ?",array("value"));
Where each ? In thee select is the variable you want escaped