How to handle SQL Injection - Printable Version
CodeIgniter Forums (https://forum.codeigniter.com)
Thread: How to handle SQL Injection (/showthread.php?tid=12105)
How to handle SQL Injection - El Forum - 10-06-2008
[eluser]Unknown[/eluser]
How to handle SQL injection in CodeIgniter? Many thanks.

How to handle SQL Injection - El Forum - 10-06-2008
[eluser]GSV Sleeper Service[/eluser]
'query bindings' are probably the best way to go. http://ellislab.com/codeigniter/user-guide/database/queries.html

How to handle SQL Injection - El Forum - 10-06-2008
[eluser]johnwbaxter[/eluser]
http://en.wikipedia.org/wiki/SQL_injection
Then go down the page until you get to "Prepared Statements". Using active record will help too.

How to handle SQL Injection - El Forum - 10-06-2008
[eluser]bijon[/eluser]
You can handle SQL Injection by Escaping Queries in CI using $this->db->escape(). You can find the details about Escaping Queries here.
Cheers
Saidur Rahman
http://saidur.wordpress.com

How to handle SQL Injection - El Forum - 10-06-2008
[eluser]johnwbaxter[/eluser]
If you use active record it does this for you automatically.

How to handle SQL Injection - El Forum - 10-06-2008
[eluser]Xeoncross[/eluser]
If you want to understand more about SQL injection you can watch a movie I did on PHP Security. It covers what to expect from SQL injection attacks. Also, I second "Prepared Statements" as a good way to go.

How to handle SQL Injection - El Forum - 07-19-2009
[eluser]ngocthai[/eluser]
Do not use $this->db->escape(). You must use $this->db->escape_str().
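As an added example (not code from the thread, nor from CodeIgniter itself), the same lookup written with each of the three approaches recommended in the replies above, query bindings, $this->db->escape(), and Active Record, next to the string-concatenation pattern they guard against. It assumes a `users` table with `username` and `status` columns and the CI 1.x `Model` base class (`CI_Model` in 2.x).

```php
<?php
// Added example: one model method written four ways. The `users` table and
// its columns are assumptions, as is the CI 1.x `Model` base class.

class User_model extends Model {

    // UNSAFE: request input is concatenated straight into the SQL text.
    // A username containing a single quote ends the string literal early,
    // so the rest of the input is parsed as SQL rather than as data.
    public function find_unsafe($username)
    {
        $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
        return $this->db->query($sql)->result();
    }

    // SAFE: query bindings. Each ? is replaced by the matching array value,
    // which CI escapes and quotes itself; the input can never close the
    // literal or append clauses, whatever characters it contains.
    public function find_bound($username)
    {
        $sql = "SELECT id, username FROM users WHERE username = ? AND status = ?";
        return $this->db->query($sql, array($username, 'active'))->result();
    }

    // SAFE: manual escaping. escape() escapes the contents AND adds the
    // surrounding quotes, so do not quote the result again yourself.
    // escape_str() only escapes and leaves the quoting to the caller, which
    // is the difference the last reply in the thread is pointing at.
    public function find_escaped($username)
    {
        $sql = "SELECT id, username FROM users WHERE username = "
             . $this->db->escape($username);   // e.g. 'o\'reilly' on MySQL
        return $this->db->query($sql)->result();
    }

    // SAFE: Active Record. Values handed to where() are escaped by the
    // library before the query is built, as johnwbaxter notes above.
    public function find_active_record($username)
    {
        $this->db->select('id, username');
        $this->db->where('username', $username);
        $this->db->where('status', 'active');
        return $this->db->get('users')->result();
    }
}
```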