CodeIgniter Forums
How to handle SQL Injection - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: How to handle SQL Injection (/showthread.php?tid=12105)



How to handle SQL Injection - El Forum - 10-06-2008

[eluser]Unknown[/eluser]
How to handle SQL injection in CodeIgniter? Many thanks.


How to handle SQL Injection - El Forum - 10-06-2008

[eluser]GSV Sleeper Service[/eluser]
'query bindings' are probably the best way to go.
http://ellislab.com/codeigniter/user-guide/database/queries.html


How to handle SQL Injection - El Forum - 10-06-2008

[eluser]johnwbaxter[/eluser]
http://en.wikipedia.org/wiki/SQL_injection

Then go down the page until you get to "Prepared Statements"

Using active record will help too.
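The two approaches recommended above, query bindings and Active Record, side by side with the string-interpolation pattern they replace. This is an added example, not code from the thread or from CodeIgniter itself; it assumes a CodeIgniter 1.x model (models extend `Model`), a loaded database library and a hypothetical `users` table with `username` and `email` columns.

```php
<?php
// Added example, not from the thread. Looks up a user by an untrusted username
// three ways; only the first two keep the input out of the SQL grammar.
// Assumes CodeIgniter 1.x, the database library loaded, and a hypothetical
// `users` table with `username` and `email` columns.
class User_model extends Model {

    function User_model()
    {
        parent::Model();
    }

    // Query bindings: each `?` is replaced by the matching array value, which
    // the database driver escapes, so the input is always treated as data.
    function find_by_username_bound($username)
    {
        $sql = "SELECT username, email FROM users WHERE username = ? LIMIT 1";
        $query = $this->db->query($sql, array($username));
        return ($query->num_rows() > 0) ? $query->row() : FALSE;
    }

    // Active Record: where() escapes the value itself while building the
    // statement, so the caller never concatenates SQL by hand.
    function find_by_username_ar($username)
    {
        $this->db->select('username, email');
        $this->db->where('username', $username);
        $query = $this->db->get('users', 1);
        return ($query->num_rows() > 0) ? $query->row() : FALSE;
    }

    // Unsafe (shown only for contrast): a single quote in $username ends the
    // string literal and the rest of the input is parsed as SQL.
    function find_by_username_unsafe($username)
    {
        $sql = "SELECT username, email FROM users WHERE username = '$username' LIMIT 1";
        $query = $this->db->query($sql);
        return ($query->num_rows() > 0) ? $query->row() : FALSE;
    }
}
```

From a controller, `$this->load->model('user_model'); $user = $this->user_model->find_by_username_bound($this->input->post('username'));` uses the bound form; the unsafe method exists only so the difference is visible in one file and should not be kept in production code.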


How to handle SQL Injection - El Forum - 10-06-2008

[eluser]bijon[/eluser]
You can handle SQL Injection by Escaping Queries in CI using $this->db->escape(). You can find the details about Escaping Queries here.

Cheers
Saidur Rahman
http://saidur.wordpress.com


How to handle SQL Injection - El Forum - 10-06-2008

[eluser]johnwbaxter[/eluser]
If you use active record it does this for you automatically.


How to handle SQL Injection - El Forum - 10-06-2008

[eluser]Xeoncross[/eluser]
If you want to understand more about SQL injection you can watch a movie I did on PHP Security. It covers what to expect from SQL injection attacks.

Also, I second "Prepared Statements" as a good way to go.


How to handle SQL Injection - El Forum - 07-19-2009

[eluser]ngocthai[/eluser]
Don't use $this->db->escape().
You must use $this->db->escape_str().
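The two escaping helpers named in the posts above differ in what they add: per the CodeIgniter user guide, `$this->db->escape()` escapes string data and wraps it in single quotes, while `$this->db->escape_str()` escapes without adding quotes, so which one fits depends on whether the quotes are already written into the SQL. The model below is an added example, not code from the thread or from CodeIgniter; it assumes a CodeIgniter 1.x model, a loaded database library and a hypothetical `users` table with `id` and `email` columns.

```php
<?php
// Added example, not from the thread. Shows where each CodeIgniter escaping
// helper belongs when a statement is assembled by hand. Assumes CodeIgniter
// 1.x, the database library loaded, and a hypothetical `users` table with
// `id` and `email` columns.
class Search_model extends Model {

    function Search_model()
    {
        parent::Model();
    }

    // escape() returns the value escaped AND wrapped in single quotes, so it
    // replaces the whole string literal; no quotes are written in the SQL.
    function by_email_escape($email)
    {
        $sql = "SELECT id, email FROM users WHERE email = "
             . $this->db->escape($email);
        return $this->db->query($sql)->result();
    }

    // escape_str() returns the value escaped but unquoted, so the quotes must
    // already be part of the SQL. Handy when only part of a literal is
    // user-supplied, e.g. a fixed prefix followed by the input.
    function by_email_escape_str($email)
    {
        $sql = "SELECT id, email FROM users WHERE email = '"
             . $this->db->escape_str($email) . "'";
        return $this->db->query($sql)->result();
    }

    // Mixing them up produces a broken or wrongly quoted statement:
    // escape() inside quotes yields ''value'', escape_str() without quotes
    // leaves the value unquoted. Either way the query fails or misbehaves,
    // which is why bindings or Active Record are easier to get right.
    function by_email_bound($email)
    {
        $sql = "SELECT id, email FROM users WHERE email = ?";
        return $this->db->query($sql, array($email))->result();
    }
}
```

With a non-string value, `escape()` also skips the quoting (numbers pass through, booleans become 1/0 on most drivers), whereas `escape_str()` always treats its argument as string data; for values that come straight from a request the bound form in the last method avoids having to think about either case.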