CodeIgniter Forums
[CI2] add_slashes for inserting Data to DB - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6)
+--- Forum: CodeIgniter 2.x (https://forum.codeigniter.com/forumdisplay.php?fid=18)
+--- Thread: [CI2] add_slashes for inserting Data to DB (/showthread.php?tid=64456)



[CI2] add_slashes for inserting Data to DB - lzwdct - 02-21-2016

Hi,

I am using mysqli, and using the query below

$test = htmlspecialchars(addslashes($this->input->post('test')));

$sql = "SELECT * from table WHERE file_id = '$test'";
$query = $this->db->query($sql);

I tried sample scripts of SQL injections, and it looks like it avoids all SQL injection codes.
ex)
INSERT INTO User (name) VALUES (?);
Robert'); DROP TABLE User; 

Is this a fine way to use in CI2?

Thank you


RE: [CI2] add_slashes for inserting Data to DB - kilishan - 02-21-2016

Query Bindings are easier to use in that case and less error prone.


RE: [CI2] add_slashes for inserting Data to DB - Narf - 02-22-2016

CI2 is NOT supported anymore.
addslashes() is NOT suitable for SQL escaping.
htmlspecialchars() has NOTHING to do with SQL escaping.
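The two replies above point at the same fix: let the database layer do the escaping instead of addslashes(). The following is an added example (not code from the thread or from the CodeIgniter project) showing the original query rewritten three ways in a CodeIgniter 2.x controller. It assumes the database library is loaded and keeps the table name "table" and column "file_id" from the original post; the controller and method names are made up for the illustration.

```php
<?php
// Added example, not from the thread or from the CodeIgniter project.
// Assumes a CodeIgniter 2.x controller with the database library loaded
// ($this->load->database()). Table "table" and column "file_id" come from
// the original post; "table" is a reserved word in MySQL, so it is
// backtick-quoted wherever the SQL is written by hand.

class File_lookup extends CI_Controller
{
    public function by_id()
    {
        // Take the raw value: no addslashes(), no htmlspecialchars() here.
        $test = $this->input->post('test');

        // 1. Query bindings (kilishan's suggestion). Each "?" is replaced by
        //    the driver-escaped, quoted value, so a payload like
        //    "Robert'); DROP TABLE User;" is compared as a literal string.
        $sql   = "SELECT * FROM `table` WHERE file_id = ?";
        $query = $this->db->query($sql, array($test));

        // 2. The same lookup through Active Record, which escapes both the
        //    value and the identifiers for you.
        $query2 = $this->db->get_where('table', array('file_id' => $test));

        // 3. If a hand-built SQL string is unavoidable, use the driver's
        //    escaper instead of addslashes(). escape() returns the value
        //    already wrapped in single quotes.
        $sql3   = "SELECT * FROM `table` WHERE file_id = " . $this->db->escape($test);
        $query3 = $this->db->query($sql3);

        // htmlspecialchars() is an HTML output escape, not an SQL one:
        // store the raw value, and escape at render time.
        foreach ($query->result() as $row) {
            echo htmlspecialchars($row->file_id, ENT_QUOTES, 'UTF-8');
        }
    }
}
```

The difference between addslashes() and the driver's escaper matters in two cases: addslashes() knows nothing about the connection character set, so with certain multi-byte encodings a backslash it inserts can be absorbed into a preceding byte and leave the quote unescaped, and it also ignores the server's SQL mode (under NO_BACKSLASH_ESCAPES a backslash is not an escape character at all). Bindings, Active Record and $this->db->escape() all go through the mysqli driver, which accounts for both, and bindings additionally remove the need to get the quoting right by hand.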