
Do I need to take care of the security

in a position to filter the variables?

    $robot = new Robots();
    $robot->type = "mechanical";
    $robot->name = "Astro Boy";
    $robot->year = 1952;

    // This record only must be created
    if ($robot->create() == false) {
        echo "Umh, We can't store robots right now: \n";
        foreach ($robot->getMessages() as $message) {
            echo $message, "\n";
        }
    } else {
        echo "Great, a new robot was created successfully!";
    }


mysql_real_escape_string ?


No, you don't need to escape values manually, Phalcon uses bound parameters to prevent SQL injections:

https://docs.phalcon.io/en/latest/reference/models.html#avoiding-sql-injections


Hi,

How do I handle this situation without mysqli_escape_string:

    use Phalcon\Mvc\Model\Resultset\Simple as Resultset;

    // Base model
    $client = new Client();

    // A raw SQL statement
    $sql = "select * from Client"
        . " where ID not in (select ClientID from CompanyRouteNumber)"
        . " and CompanyID = " . $param[0]
        . " and Address1 = '" . mysqli_escape_string($client->getReadConnection(), $param[1]) . "'";

    // Execute the query
    $clients = new Resultset(null, $client, $client->getReadConnection()->query($sql));

I tried to bind parameters, but I failed.

Thank you.
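The raw query from the post above, rewritten with bound parameters instead of concatenation and `mysqli_escape_string`, as an added example that is not part of the original thread. It assumes the `Client` model and the `$param` array from the post; `Phalcon\Db\Column` and `Phalcon\Mvc\Model\Resultset\Simple` are Phalcon's own classes, and the sample `$param` values are constructed.

```php
<?php
// Added example (not from the thread): same query as the post, but the
// user-supplied values are bound by the database driver rather than
// pasted into the SQL text.
use Phalcon\Db\Column;
use Phalcon\Mvc\Model\Resultset\Simple as Resultset;

// Constructed sample input standing in for the post's $param array.
// The apostrophe in the address is exactly the kind of value that breaks
// (or, unescaped, subverts) a concatenated query; bound, it is just data.
$param = [42, "O'Reilly Street 1"];

$client     = new Client();
$connection = $client->getReadConnection();

// Each "?" is a placeholder; the SQL text never contains the values.
$sql = "SELECT * FROM Client"
     . " WHERE ID NOT IN (SELECT ClientID FROM CompanyRouteNumber)"
     . " AND CompanyID = ?"
     . " AND Address1 = ?";

// Positional placeholders are bound from a 0-indexed array. The optional
// third argument gives the PDO bind type per value, so CompanyID is sent
// as an integer even though $param[0] arrived as a string.
$result = $connection->query(
    $sql,
    [(int) $param[0], (string) $param[1]],
    [Column::BIND_PARAM_INT, Column::BIND_PARAM_STR]
);

// Wrap the raw PDO result in a model resultset, as in the post.
$clients = new Resultset(null, $client, $result);

foreach ($clients as $row) {
    echo $row->ID, "\n";
}
```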