CodeIgniter Forums

Full Version: security question

El Forum

[eluser]dadamssg87[/eluser]
I'd love for someone to explain how they sanitize their POSTs to store into their databases. I'm using the xss_clean function in my form validation but I don't think that covers SQL injections. Is there a CodeIgniter function that sanitizes POST data for SQL injection?

El Forum

[eluser]pickupman[/eluser]
If you are using ActiveRecord syntax ($this->db->update/insert) along with xss_clean, you are doing it correctly. The ActiveRecord syntax automatically escapes SQL queries unless you have explicitly set it not to. Also, using $this->db->set('field_name', $field_name) will protect the fields as well.
Code:
foreach($_POST as $key => $val){
  $this->db->set($key, $val);
}
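
Added example, not part of the original thread: the loop above passes every POST key to $this->db->set() as a column name, so the request decides which columns get written even though the values are escaped. The sketch below filters the input against an allow-list first; the column names, the sample request and the 'users' table are constructed for illustration.

```php
<?php
// Added example, not from the thread. Column names and the sample POST
// array below are constructed for illustration.

/**
 * Keep only the POST fields that map to columns the form is allowed to write.
 * Values are left untouched: escaping is still done by $this->db->set().
 */
function allowed_fields(array $post, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $column) {
        // Skip missing fields and non-scalar values (e.g. name[]=x arrays).
        if (isset($post[$column]) && is_scalar($post[$column])) {
            $clean[$column] = (string) $post[$column];
        }
    }
    return $clean;
}

// Constructed request: "is_admin" is not a field on the form.
$post = [
    'username' => "o'brien",
    'email'    => 'ob@example.com',
    'is_admin' => '1',
    'tags'     => ['a', 'b'],
];

$fields = allowed_fields($post, ['username', 'email', 'tags']);
var_export($fields);

// Inside a CodeIgniter model the filtered array would then be written with
// the calls from the post above (table name 'users' is hypothetical):
//   foreach ($fields as $key => $val) {
//       $this->db->set($key, $val);
//   }
//   $this->db->insert('users');
```

Only username and email survive the filter: is_admin is not on the list, and tags is dropped because it arrived as an array.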