All data passed into a query is done using the database drivers escape function ($this->db->escape()) or is cast to a simple type such as an int and enclosed in single quotes.
Who is online
Users browsing this forum: No registered users and 2 guests