[CI2] add_slashes for inserting Data to DB


I am using mysqli, and using the below query:

$test = htmlspecialchars(addslashes($this->input->post('test')));

$sql = "SELECT * from table WHERE file_id = '$test'";
$query = $this->db->query($sql);

I tried sample SQL injection scripts, and it looks like it avoids all SQL injection code.
INSERT INTO User (name) VALUES (?);
Robert'); DROP TABLE User; 

Is this a fine way to use in CI2?

Thank you

Query Bindings are easier to use in that case and less error prone.

CI2 is NOT supported anymore.
addslashes() is NOT suitable for SQL escaping.
htmlspecialchars() has NOTHING to do with SQL escaping.
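As an added example (not from the original thread), here is the lookup from the question rewritten with CI2 query bindings and Active Record, next to the original approach. It assumes a CI2 controller with the mysqli driver loaded as $this->db; the table name "files" and the function names are placeholders.

```php
<?php
// Added example, not code from the original post. Assumes a CodeIgniter 2
// controller ($ci) whose $ci->db is the loaded mysqli driver; "files" is a
// placeholder table name.

// The approach from the question. Two problems, independent of injection:
//  - htmlspecialchars() rewrites the value (with ENT_QUOTES, the default
//    since PHP 8.1, an apostrophe becomes &#039;), so a file_id such as
//    O'Brien is stored/compared as something the user never typed.
//  - addslashes() knows nothing about the connection charset; escaping
//    belongs to the database driver, not to a generic string function.
function lookup_unsafe($ci, $input)
{
    $test = htmlspecialchars(addslashes($input));
    $sql  = "SELECT * FROM files WHERE file_id = '$test'";
    return $ci->db->query($sql)->result_array();
}

// Query bindings: CI2 substitutes each ? with the matching array element,
// escaped by the active driver (mysqli_real_escape_string for mysqli).
// The value is always treated as data, never as part of the SQL text.
function lookup_bound($ci, $input)
{
    $sql = "SELECT * FROM files WHERE file_id = ?";
    return $ci->db->query($sql, array($input))->result_array();
}

// Active Record does the same escaping for you and is the shortest form.
function lookup_active_record($ci, $input)
{
    return $ci->db->get_where('files', array('file_id' => $input))
                  ->result_array();
}

// HTML escaping belongs at output time, on the way to the browser,
// not on the way into the database.
function render_file_id(array $row)
{
    return htmlspecialchars($row['file_id'], ENT_QUOTES, 'UTF-8');
}
```

Store the raw value and escape once per context: the driver escapes for SQL, htmlspecialchars() escapes for HTML.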
