save()

Does the ActiveRecord save() function apply mysql_escape_string to all the values inputted into the database?

What I do is the following:

$model = new User;

$model->attributes = $_POST['User'];

$model->save();

Does the save() escape the characters inputted into the database?

It doesn’t, but if your question was “should I worry about sql injections”, then the answer is “no” :)

Some info: Prepared statements.

Wait, when I call save(), that uses prepared statements to enter the values in the database?

Exactly.
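
Editor's added example (not from any poster in this thread and not Yii's own code): a plain PDO sketch of what binding values through a prepared statement means for an insert like the one save() performs. The in-memory SQLite database, the table and column names, and the sample input are assumptions constructed for illustration.

```php
<?php
// Added illustration using plain PDO; this is not the framework's source code.
// Hypothetical schema: a "user" table with username and email columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');

// Constructed stand-in for $_POST['User'], with SQL metacharacters in a value.
$attributes = array(
    'username' => "o'brien'); DROP TABLE user; --",
    'email'    => 'ob@example.com',
);

// Column names come from a fixed list, never from the request:
// placeholders protect values only, not identifiers or SQL fragments.
$columns = array('username', 'email');
$placeholders = array();
foreach ($columns as $column) {
    $placeholders[] = ':' . $column;
}
$sql = 'INSERT INTO user (' . implode(', ', $columns) . ') '
     . 'VALUES (' . implode(', ', $placeholders) . ')';

// The SQL text is fixed before any user data is attached to it.
$stmt = $pdo->prepare($sql);
foreach ($columns as $column) {
    // The value travels as a bound parameter, so no escaping is applied or needed.
    $stmt->bindValue(':' . $column, $attributes[$column]);
}
$stmt->execute();

// The stored value is byte-for-byte what was submitted, and the table still exists.
$row = $pdo->query('SELECT username FROM user')->fetch(PDO::FETCH_ASSOC);
$count = (int) $pdo->query('SELECT COUNT(*) FROM user')->fetchColumn();

echo 'stored verbatim: ', var_export($row['username'] === $attributes['username'], true), "\n";
echo 'rows in table:   ', $count, "\n";
```

The same protection does not extend to SQL text built by string concatenation, such as a hand-written condition string that embeds request data directly; those values need to be passed as bound parameters too.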