04-05-2015, 01:07 PM
Hi All!
My question: is it safe (SQL Injection) when I use that query above?
I'm a beginner and have just started with CodeIgniter 3.0.
If I don't want to forget how to create regular SQL code, I use this model:
PHP Code:
public function intsertNew($firstname, $secondname, $age) {
    $sql = "INSERT INTO tbl_employee (firstname, secondname, age) VALUES('$firstname', '$secondname', $age)";
    $query = $this->db->query($sql);
    return $query; // TRUE/FALSE
}
In the config of database.php I use PDO to be safe:
PHP Code:
$db['default'] = array(
    'dsn' => 'mysql:host=localhost;dbname=employee',
    'hostname' => 'localhost',
    'username' => 'root',
    'password' => '',
    'database' => 'employee',
    'dbdriver' => 'pdo',
    'dbprefix' => '',
    'pconnect' => FALSE,
    'db_debug' => TRUE,
    'cache_on' => FALSE,
    'cachedir' => '',
    'char_set' => 'utf8',
    'dbcollat' => 'utf8_general_ci',
    'swap_pre' => '',
    'encrypt' => FALSE,
    'compress' => FALSE,
    'stricton' => FALSE,
    'failover' => array(),
    'save_queries' => TRUE
);
Many thanks
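Added example, not part of the original post and not CodeIgniter's own code: the string-built INSERT from the model beside a bound-parameter version, run through plain PDO to show that the driver choice alone does not separate values from SQL text. Assumptions: in-memory SQLite (the pdo_sqlite extension) stands in for the MySQL database, and the function names `insertInterpolated` and `insertBound` and all sample inputs are constructed for illustration.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for the
// post's MySQL database so the script runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_employee (firstname TEXT, secondname TEXT, age INTEGER)');

// Same string-built statement as the model in the post: the values become
// part of the SQL text, whatever driver executes it.
function insertInterpolated(PDO $pdo, $firstname, $secondname, $age) {
    $sql = "INSERT INTO tbl_employee (firstname, secondname, age) "
         . "VALUES('$firstname', '$secondname', $age)";
    return $pdo->exec($sql); // number of affected rows
}

// Hardened form: fixed statement with placeholders, values bound as data.
// CodeIgniter 3 offers the same shape through query bindings:
//   $this->db->query('INSERT ... VALUES (?, ?, ?)', array($a, $b, $c));
function insertBound(PDO $pdo, $firstname, $secondname, $age) {
    $age = filter_var($age, FILTER_VALIDATE_INT);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO tbl_employee (firstname, secondname, age) VALUES (?, ?, ?)');
    $stmt->execute(array($firstname, $secondname, $age));
    return $stmt->rowCount();
}

// Constructed inputs: an "age" value that carries SQL, and a name with a quote.
$badAge = "30), ('injected', 'row', 99";

echo 'interpolated insert, rows written: ',
     insertInterpolated($pdo, 'Ann', 'Lee', $badAge), "\n";

try {
    insertBound($pdo, 'Ann', 'Lee', $badAge);
} catch (InvalidArgumentException $e) {
    echo 'bound insert rejected input: ', $e->getMessage(), "\n";
}

echo 'bound insert, rows written: ',
     insertBound($pdo, "Sean", "O'Brien", '41'), "\n";

foreach ($pdo->query('SELECT * FROM tbl_employee', PDO::FETCH_NUM) as $row) {
    echo implode(' | ', $row), "\n";
}
```

In a CodeIgniter 3 model the query builder call `$this->db->insert('tbl_employee', $data)` is the other built-in way to keep values out of the SQL string.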