[CI2] add_slashes for inserting Data to DB

CodeIgniter Forums (https://forum.codeigniter.com) > Development (https://forum.codeigniter.com/forumdisplay.php?fid=6) > CodeIgniter 2.x (https://forum.codeigniter.com/forumdisplay.php?fid=18) > Thread: [CI2] add_slashes for inserting Data to DB (/showthread.php?tid=64456)
[CI2] add_slashes for inserting Data to DB - lzwdct - 02-21-2016

Hi,

I am using mysqli, and using the query below:

    $test  = htmlspecialchars(addslashes($this->input->post('test')));
    $sql   = "SELECT * from table WHERE file_id = '$test'";
    $query = $this->db->query($sql);

I tried sample scripts of SQL injections, and it looks like it avoids all SQL injection code, e.g.:

    INSERT INTO User (name) VALUES (?); Robert'); DROP TABLE User;

Is this a fine way to use in CI2?

Thank you

RE: [CI2] add_slashes for inserting Data to DB - kilishan - 02-21-2016

Query Bindings are easier to use in that case and less error prone.

RE: [CI2] add_slashes for inserting Data to DB - Narf - 02-22-2016

CI2 is NOT supported anymore.

addslashes() is NOT suitable for SQL escaping.

htmlspecialchars() has NOTHING to do with SQL escaping.
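The two points made in the replies, that addslashes() is not SQL escaping and that query bindings are the right tool, as an added example that is not part of the thread and not CodeIgniter code. It is written in Python rather than PHP so that it runs stand-alone: addslashes() is re-implemented byte for byte (the helper name php_addslashes, the payloads and the sample rows are all constructed here), the escaped bytes are then decoded the way a MySQL connection set to the GBK charset would decode them, and the same lookup is done once by string interpolation and once with a bound parameter against an in-memory SQLite table standing in for the poster's MySQL table. SQLite does not treat a backslash as an escape character, so the ASCII test string from the original post is only checked with quote_survives(), not run through the interpolated query.

```python
"""Added illustration (not from the thread, not CodeIgniter code): why
addslashes() is not SQL escaping, and what a bound parameter does instead.
Helper names, the payloads and the sample table are all constructed here."""
import sqlite3


def php_addslashes(data: bytes) -> bytes:
    """Byte-for-byte model of PHP's addslashes(): a backslash is put before
    ' " \\ and NUL. It is charset-blind, which is the whole problem."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C):      # ' " and backslash
            out += b"\\"
            out.append(b)
        elif b == 0x00:
            out += b"\\0"
        else:
            out.append(b)
    return bytes(out)


# Constructed attacker input. 0xBF is a GBK lead byte, so once addslashes()
# inserts 0x5C after it, a GBK decoder reads 0xBF5C as one character and the
# quote that follows is no longer escaped.
MULTIBYTE_PAYLOAD = b"\xbf\x27 OR 1=1 -- "
# The kind of test string from the original post: ASCII only, so it is
# escaped correctly and the approach appears to work.
ASCII_PAYLOAD = b"Robert'); DROP TABLE User;"


def escaped_as_gbk(payload: bytes) -> str:
    """Run the payload through addslashes(), then decode it the way a MySQL
    connection whose charset is GBK would."""
    return php_addslashes(payload).decode("gbk")


def quote_survives(payload: bytes) -> bool:
    """True if an unescaped single quote is left after 'escaping'."""
    s = escaped_as_gbk(payload)
    return any(ch == "'" and (i == 0 or s[i - 1] != "\\")
               for i, ch in enumerate(s))


def make_db() -> sqlite3.Connection:
    """In-memory table standing in for the thread's table with a file_id column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (file_id TEXT, name TEXT)")
    conn.executemany("INSERT INTO files VALUES (?, ?)",
                     [("a1", "public.txt"), ("b2", "secret.txt"), ("c3", "notes.txt")])
    return conn


def lookup_with_addslashes(conn: sqlite3.Connection, raw: bytes) -> list:
    """The pattern from the original post: escape by hand, then interpolate
    the result into the SQL text."""
    test = escaped_as_gbk(raw)
    sql = "SELECT name FROM files WHERE file_id = '%s'" % test
    return [row[0] for row in conn.execute(sql)]


def lookup_with_binding(conn: sqlite3.Connection, raw: bytes) -> list:
    """Query binding: the value travels separately from the SQL text, so no
    byte in it can change the statement."""
    test = raw.decode("gbk", errors="replace")
    rows = conn.execute("SELECT name FROM files WHERE file_id = ?", (test,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("ASCII payload, quote survives:", quote_survives(ASCII_PAYLOAD))
    print("GBK payload,   quote survives:", quote_survives(MULTIBYTE_PAYLOAD))
    print("addslashes + interpolation:", lookup_with_addslashes(db, MULTIBYTE_PAYLOAD))
    print("bound parameter:           ", lookup_with_binding(db, MULTIBYTE_PAYLOAD))
```

With the multibyte payload the interpolated query returns every row, because the backslash that addslashes() inserted was swallowed into a two-byte character and the quote closed the literal; the bound query returns nothing, since the value never becomes part of the SQL text. The ASCII string the poster tried is escaped correctly, which is why that test appeared to pass. In CI2 the binding form is `$this->db->query("SELECT * FROM table WHERE file_id = ?", array($this->input->post('test')));`, and htmlspecialchars() belongs where the value is written into HTML, not in front of the query.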