Security in CodeIgniter


If you're using the Active Record class for DB interaction the data will be escaped automatically:

Beyond simplicity, a major benefit to using the Active Record features is that it allows you to create database independent applications, since the query syntax is generated by each database adapter. It also allows for safer queries, since the values are escaped automatically by the system.

If not and you are manually running queries, you'll need to escape it yourself.

Some advice on your function:

public function view( $id )
{
    $this->load->model('news_model');
    $this->news_model->get_by_id( $id );
    // ...
}

If $id is not present in the URL, you will get error notices. Set a default value:

public function view( $id = NULL )

Then check the value in your controller. Example:

if ( ! $id)
{
    redirect('somewhere/else');
}

Also, make sure you get a result before continuing (I assume your model returns false here if no record is found):

$record = $this->news_model->get_by_id( $id );
if ( ! $record)
{
    // redirect with an error message or something
}

You can validate the $id's type or integrity as much as you want, but for simplicity I would just pass it over to the model and return false if no record was found.


Even if you're not running Active Record, automatic escaping is provided. You just need to query the db like this:

$data = array($id, $name);
$this->db->query("SELECT * FROM table WHERE id = ? OR name = ?", $data);
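The following is an added example (not code from either answer above) that combines the advice on this page in one CodeIgniter 3 model and controller: query bindings in the model, a NULL default for the URL segment, and a FALSE return when no record exists. It assumes a `news` table with an integer `id` column, the standard `CI_Model`/`CI_Controller` classes, and that the URL helper is loaded so `redirect()` is available; the `ctype_digit()` check goes slightly beyond the answers, which leave type validation optional.

```php
<?php
// Added example for this page: model + controller using CodeIgniter 3 query
// bindings and Active Record (Query Builder). Assumed: a `news` table with an
// integer `id` column; `redirect()` from the URL helper; `show_404()` from CI core.

class News_model extends CI_Model
{
    // Returns the matching row as an object, or FALSE when nothing matches.
    public function get_by_id($id)
    {
        // Query bindings: each `?` is replaced with the escaped value, so $id
        // is never concatenated into the SQL string by hand.
        $query = $this->db->query('SELECT * FROM news WHERE id = ? LIMIT 1', array($id));
        return ($query->num_rows() === 1) ? $query->row() : FALSE;
    }

    // Equivalent using the Active Record / Query Builder class, which escapes
    // the value itself (row() returns NULL when there is no result).
    public function get_by_id_qb($id)
    {
        $row = $this->db->get_where('news', array('id' => $id), 1)->row();
        return ($row === NULL) ? FALSE : $row;
    }
}

class News extends CI_Controller
{
    public function view($id = NULL)
    {
        // The NULL default avoids notices when the URL segment is missing; the
        // explicit check rejects empty or non-numeric ids before any query runs.
        if ( ! $id OR ! ctype_digit((string) $id))
        {
            redirect('news');   // redirect() stops execution
        }

        $this->load->model('news_model');
        $record = $this->news_model->get_by_id((int) $id);

        if ( ! $record)
        {
            show_404();         // show_404() stops execution
        }

        $this->load->view('news/view', array('news_item' => $record));
    }
}
```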