Codeigniter MySQL security, htmlspecialcharacters & mysql_real_escape_string?

Question

I've been reading a lot about database security and using htmlspecialcharacters() and mysql_real_escape_string.

Is this necessary to use these functions with codeigniter or does it handle this automatically? e.g.

$this->db->select('*', FALSE);
$this->db->where('published', 'yes');
$query = $this->db->get('my_table');
$results = $query->result_array()

Answer 1

You don't have to worry about escaping your text as long as you use active records.