tags:

views:

173

answers:

1
+3  Q: 

Kohana v3, automatically escape illegal characters?

Quick question, does Kohana (version 3) automatically escape data that is passed into ORM::factory..... (and everywhere else that has to do with the database)?

For example:

$thread = ORM::factory('thread', $this->request->param('id'));

Would the data passed in the second argument be auto-escaped before it goes in the SQL query or do I have to manually do it? Probably a stupid question and it's better to be safe than sorry, but yeah... I usually do manually escape the data, but I want to know if Kohana does this for me?

Thanks

+2  A: 

It's auto-escaped. The only scenario where you have to worry about escaping is if you're writing your own SQL and inserting your data directly (by way of concatenation, for example), which you shouldn't be doing. The normal ways of querying a database in Kohana are parametrized queries (if you need to provide the SQL yourself), the query builder, and ORM, all of which handle escaping for you.

Will Vousden  2010-05-02 21:57:59
Can you show me where it says it escapes it? or did you look at the code? I wasn't able to find anything on the site when i looked.
Galen  2010-05-05 04:38:11
@Galen: Sorry for the late response – see the docs for the query builder (which is what ORM uses internally): http://docs.kohanaphp.com/libraries/database/builder#limitations
Will Vousden  2010-05-16 10:24:40

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL