[CI2] addslashes for inserting Data to DB
Hi,

I am using mysqli, and using the query below:

$test = htmlspecialchars(addslashes($this->input->post('test')));
$sql = "SELECT * from table WHERE file_id = '$test'";
$query = $this->db->query($sql);

I tried sample SQL injection scripts, and it looks like it avoids all SQL injection code. e.g.

INSERT INTO User (name) VALUES (?);
Robert'); DROP TABLE User;

Is this a fine way to use in CI2? Thank you
Query Bindings are easier to use in that case and less error prone.
CI2 is NOT supported anymore.
addslashes() is NOT suitable for SQL escaping. htmlspecialchars() has NOTHING to do with SQL escaping.
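An added example (not code from the thread or from the CodeIgniter project) showing the pattern from the question beside the query-binding and Active Record forms the reply recommends. It assumes a CodeIgniter 2 controller with the database library loaded, the mysqli driver configured in application/config/database.php, and a hypothetical `files` table with a `file_id` column; the class and method names are also made up for the example.

```php
<?php
// Added example for the CI2 thread above; assumes $this->load->database()
// has run (or autoloads) and a hypothetical table `files` (column `file_id`).
class Files extends CI_Controller {

    // Pattern from the question. Two problems:
    //  - addslashes() does not know the connection character set or the
    //    server's sql_mode, so it is not a MySQL escaper (PHP's manual says
    //    to use the driver's own escaping instead).
    //  - htmlspecialchars() is an HTML *output* encoder: it rewrites &, <, >
    //    and " (and ' depending on flags / PHP version) into entities, so the
    //    query compares the entity form against whatever is stored.
    public function lookup_unsafe()
    {
        $test  = htmlspecialchars(addslashes($this->input->post('test')));
        $sql   = "SELECT * FROM files WHERE file_id = '$test'";
        $query = $this->db->query($sql);
        return $query->result_array();
    }

    // Query bindings: each ? is replaced with the value escaped by the active
    // driver (mysqli_real_escape_string for mysqli), so the input can only
    // ever be data inside the string literal, never part of the SQL.
    public function lookup_bound()
    {
        $test  = $this->input->post('test');
        $sql   = "SELECT * FROM files WHERE file_id = ?";
        $query = $this->db->query($sql, array($test));
        return $query->result_array();
    }

    // Same lookup with Active Record, which escapes values itself.
    public function lookup_active_record()
    {
        $test  = $this->input->post('test');
        $query = $this->db->get_where('files', array('file_id' => $test));
        return $query->result_array();
    }

    // If raw SQL is unavoidable, let the driver escape (quotes included):
    // $this->db->escape() wraps the value in quotes, so no manual '...' here.
    public function lookup_escaped()
    {
        $test  = $this->db->escape($this->input->post('test'));
        $sql   = "SELECT * FROM files WHERE file_id = $test";
        $query = $this->db->query($sql);
        return $query->result_array();
    }
}
```

A caveat on the test in the question: the stacked-query payload (`Robert'); DROP TABLE User;`) is not evidence that the escaping works. CI2's mysqli driver runs `$this->db->query()` through `mysqli_query()`, which executes a single statement, so the `DROP TABLE` part is rejected whether or not the value was escaped. A more telling check is a payload that alters the WHERE clause of the one statement being run, such as `' OR '1'='1`, and a value containing characters that `htmlspecialchars()` rewrites (for example `a&b`) to confirm the lookup still matches what is stored.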