XF 2.2 How to properly escape data before entry into the database.

mjda

Well-known member
I have an addon where members submit files with data in them. Since I then parse the files by line I can't use $this->filter...so I'm wondering what the proper way would be to make sure this data is safe to insert into the database?

I should note that I am still using the entity creator to insert the data. I'm just not sure how to filter each of those lines before I get to that point.

I've read that mysqli_real_escape_string could be used, but I'm wondering if there is a XF function already for this?
 

Lukas W.

Well-known member
If you're using the entity system to save your data into the db, then it should use prepared statements which should be able to handle this for you already unless I'm mistaken.
 

mjda

Well-known member
If you're using the entity system to save your data into the db, then it should use prepared statements which should be able to handle this for you already unless I'm mistaken.

That would be great! I was actually hoping that would be the case. Thanks for the reply.
 
Top