[CI2] add_slashes for inserting Data to DB
#1

(This post was last modified: 02-21-2016, 09:21 PM by ciadmin.)

Hi,

I am using mysqli, and using the query below

$test = htmlspecialchars(addslashes($this->input->post('test')));

$sql = "SELECT * from table WHERE file_id = '$test'";
$query = $this->db->query($sql);

I tried sample SQL injection scripts, and it looks like it avoids all SQL injection code.
ex)
INSERT INTO User (name) VALUES (?);
Robert'); DROP TABLE User; 

Is this a fine way to do it in CI2?

Thank you
#2

Query Bindings are easier to use in that case and less error-prone.
#3

CI2 is NOT supported anymore.
addslashes() is NOT suitable for SQL escaping.
htmlspecialchars() has NOTHING to do with SQL escaping.
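The two replies above recommend query bindings over addslashes()/htmlspecialchars(). The following is an added example written for this page, not code from the thread or from CodeIgniter: part (1) is the lookup from the question rewritten with CI2 query bindings, and part (2) runs stand-alone on the PHP CLI (pdo_sqlite assumed available) and shows what the original transformation does to a value compared with a bound parameter. The table name `files`, the `$db` parameter (the CI database object, `$this->db` in a controller or model) and the sample rows are assumptions for the demo; SQLite stands in for MySQL only because it needs no server.

```php
<?php
// Added example for this thread, not code from the original post or from
// CodeIgniter. Part (1) is the lookup from the question rewritten with CI2
// query bindings; part (2) runs stand-alone (php cli with pdo_sqlite) and
// shows what the addslashes()/htmlspecialchars() approach does to a value
// compared with a bound parameter. Assumptions: table `files` with a
// `file_id` column (the post only says `table`); SQLite stands in for
// MySQL because it needs no server.

// (1) CodeIgniter 2: $db is the loaded database object ($this->db inside a
// controller or model). Each `?` is replaced by the driver, which quotes
// and escapes the value for the open connection, so raw input is passed in.
function find_file_ci2($db, $file_id)
{
    $sql = "SELECT * FROM files WHERE file_id = ?";
    return $db->query($sql, array($file_id))->result_array();
}

// (2) Same lookup both ways against an in-memory SQLite table.
function compare_lookups()
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE files (file_id TEXT, name TEXT)");

    // Constructed sample rows: a plain id, an id containing a character that
    // htmlspecialchars() rewrites, and the thread's payload stored as data.
    $ins = $pdo->prepare("INSERT INTO files (file_id, name) VALUES (?, ?)");
    $rows = array(
        array('report-2016', 'quarterly report'),
        array('a&b', 'ampersand in id'),
        array("Robert'); DROP TABLE files;", 'payload stored as data'),
    );
    foreach ($rows as $row) {
        $ins->execute($row);
    }

    $results = array();
    foreach ($rows as $row) {
        $input = $row[0];

        // The original post's approach: HTML-encode, backslash-escape,
        // then interpolate into the SQL text.
        $test = htmlspecialchars(addslashes($input));
        $sql = "SELECT name FROM files WHERE file_id = '$test'";
        try {
            $found = $pdo->query($sql)->fetchColumn();
            $interpolated = ($found === false) ? 'no match' : $found;
        } catch (PDOException $e) {
            // SQLite (like MySQL with NO_BACKSLASH_ESCAPES) does not treat a
            // backslash as an escape character, so addslashes() leaves the
            // quote open and the statement fails to parse.
            $interpolated = 'SQL error: ' . $e->getMessage();
        }

        // Bound parameter: the value never becomes part of the SQL text.
        $stmt = $pdo->prepare("SELECT name FROM files WHERE file_id = ?");
        $stmt->execute(array($input));
        $found = $stmt->fetchColumn();
        $bound = ($found === false) ? 'no match' : $found;

        $results[$input] = array('interpolated' => $interpolated, 'bound' => $bound);
    }
    return $results;
}

foreach (compare_lookups() as $input => $r) {
    printf("%-28s | interpolated: %-40s | bound: %s\n", $input, $r['interpolated'], $r['bound']);
}
```

Run it with `php example.php`. The bound lookup finds all three rows. The interpolated form never finds the `a&b` row, because htmlspecialchars() turned the id into `a&amp;b` before it was compared with what is stored, and it never finds the row that legitimately holds the payload either: on PHP before 8.1 the default htmlspecialchars() flags leave the single quote alone, addslashes() produces `Robert\'`, and SQLite rejects the statement; on PHP 8.1 and later the single quote is encoded as `&#039;` by default and the query simply matches nothing. In both cases the "protection" the original post observed comes from mangling the data, not from escaping it for the database in use.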