[CI2] add_slashes for inserting Data to DB

#1
Hi,

I am using mysqli, and using the query below:

$test = htmlspecialchars(addslashes($this->input->post('test')));

$sql = "SELECT * from table WHERE file_id = '$test'";
$query = $this->db->query($sql);

I tried sample SQL injection scripts, and it looks like it avoids all the SQL injection code.
e.g.
INSERT INTO User (name) VALUES (?);
Robert'); DROP TABLE User; 

Is this a fine way to do it in CI2?

Thank you

#2
Query Bindings are easier to use in that case and less error prone.

#3
CI2 is NOT supported anymore.
addslashes() is NOT suitable for SQL escaping.
htmlspecialchars() has NOTHING to do with SQL escaping.

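The following is an added example, not code from either poster or from the CodeIgniter project. It shows concretely why reply #3 rejects addslashes() and htmlspecialchars() for SQL, and what the query bindings from reply #2 look like in CI2. It assumes the raw value is $raw, that $db is a CI2 database object (what $this->db is inside a controller), and that the mbstring extension is loaded for the GBK character count; the table and column names are the ones from post #1.

```php
<?php
// Added example (not from the thread): addslashes() + htmlspecialchars() is the
// wrong tool for SQL; CI2 query bindings are the right one.
// Assumptions: $raw is the user-supplied value, $db is a CI2 database object
// (assumption: $this->db in a controller), mbstring is available.
// Kept PHP 5.3 compatible, since that is what CI2 ran on.

// 1. addslashes() knows nothing about the connection charset. If the MySQL
//    connection uses a multibyte charset such as GBK, the byte 0xBF followed by
//    the backslash (0x5C) that addslashes() inserts forms ONE valid two-byte
//    character, so the quote that follows it is no longer escaped. The same
//    trick applies to other charsets where 0x5C is a valid trail byte
//    (Big5, SJIS). mysqli_real_escape_string() is connection-aware and does
//    not have this problem, which is what CI2's driver uses underneath.
function addslashes_is_charset_blind($raw)
{
    $escaped = addslashes($raw);
    return array(
        'bytes'      => bin2hex($escaped),
        // Count characters as GBK: 0xBF5C is one character, then the bare
        // quote, then the rest. The backslash has been swallowed.
        'gbk_chars'  => mb_strlen($escaped, 'GBK'),
        'raw_length' => strlen($raw),
    );
}

// 2. The poster's filter. htmlspecialchars() is output encoding for HTML, not
//    SQL. On PHP < 8.1 its default (ENT_COMPAT) does not even touch single
//    quotes, so against "Robert');" it contributes nothing; all it does is
//    turn & < > " into entities before they reach the database, corrupting
//    legitimate data.
function poster_filter($raw)
{
    return htmlspecialchars(addslashes($raw));
}

// 3. The CI2 way: pass the raw value as a binding. The driver escapes it with
//    knowledge of the connection charset and quotes it for you.
function find_file($db, $raw)
{
    $sql = "SELECT * FROM table WHERE file_id = ?";
    return $db->query($sql, array($raw));
}

// 4. Same protection via the driver's escaper when a binding is inconvenient;
//    CI2's escape() returns the value already quoted.
function find_file_escaped($db, $raw)
{
    $sql = "SELECT * FROM table WHERE file_id = " . $db->escape($raw);
    return $db->query($sql);
}

// Demonstration with constructed inputs (no database needed for 1 and 2).
$payload = "\xbf\x27 OR 1=1 -- ";           // constructed GBK bypass payload
$info = addslashes_is_charset_blind($payload);
print_r($info);
// gbk_chars equals raw_length: the added backslash vanished into a multibyte
// character, leaving an unescaped quote in the query text.

echo poster_filter("Robert'); DROP TABLE User; --"), "\n";
// On PHP 5.x: Robert\'); DROP TABLE User; --
// The backslash from addslashes() is the only thing protecting the query.

echo poster_filter('Tom & "Jerry" <1>'), "\n";
// Tom &amp; \&quot;Jerry\&quot; &lt;1&gt;
// A harmless value is now stored as entities, with stray backslashes in front
// of the quote entities because addslashes() ran first.
```

Run it with `php example.php` (no database required for the first two parts). The two CI2 functions only work inside a CI2 application where $db is the loaded database object; in a controller you would call find_file($this->db, $this->input->post('test')).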


