CodeIgniter Forums

Full Version: SQLIA on CI
Hello,

I am doing a thesis on SQL injection in PHP and CodeIgniter.

After reading this tutorial: https://www.roytuts.com/prevent-sql-inje...deigniter/

I wonder if any CI-based website can be SQL injected?

Any clue?

It seems like all the queries must follow one of the following rules:

1) Escaping Queries
2) Query Bindings
3) Active Record

Is it possible to create query models that do not follow those rules in CodeIgniter? Which can be SQL injected?

Any advice?

Thanks in advance.
@davy_yg,

Any website/framework can be SQL injected if programming best practices are not followed. Ultimately, it is up to the developer to follow best programming practices to prevent it from happening.
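
Added example, not part of the original thread: a CodeIgniter 3 model that sets a query following none of the three rules listed in the question beside one method per rule. The `User_model` class, the `users` table and its `email` column are hypothetical, and the code assumes it runs inside a CodeIgniter 3 application with a configured database.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical model; the `users` table and `email` column are assumptions.
class User_model extends CI_Model
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database(); // makes $this->db available
    }

    // Follows none of the three rules: the input is concatenated into the
    // SQL text, so the database parses it as part of the statement.
    // CodeIgniter runs this without complaint; the framework cannot tell
    // which parts of a finished string came from the user.
    public function find_unsafe($email)
    {
        $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
        return $this->db->query($sql)->result_array();
    }

    // 1) Escaping queries: escape() adds the quotes and escapes the value.
    public function find_escaped($email)
    {
        $sql = 'SELECT id, email FROM users WHERE email = ' . $this->db->escape($email);
        return $this->db->query($sql)->result_array();
    }

    // 2) Query bindings: each ? is replaced by an escaped value.
    public function find_bound($email)
    {
        $sql = 'SELECT id, email FROM users WHERE email = ?';
        return $this->db->query($sql, array($email))->result_array();
    }

    // 3) Active Record / Query Builder: values are escaped automatically,
    // unless escaping is switched off through the optional $escape argument.
    public function find_builder($email)
    {
        return $this->db->get_where('users', array('email' => $email))->result_array();
    }
}
```

When reviewing a CodeIgniter code base, calls to `$this->db->query()` whose SQL string is built with `.` or variable interpolation are the ones to inspect first.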