How to prevent SQL injection? - Printable Version
CodeIgniter Forums (https://forum.codeigniter.com)
Thread: How to prevent SQL injection? (/showthread.php?tid=56582)
How to prevent SQL injection? - El Forum - 01-04-2013

[eluser]Volkof[/eluser]
Hi all,

Is there a way to prevent SQL injection? In my view, I have a textarea to enter comments, but if the user enters something like

Code:
You know what, I'm sure this review is fine

You can see that there is an apostrophe. Then this is gonna cause a syntax error in my model:

Code:
$sql = "INSERT INTO Comment (comment, userID, reviewID)

Thanks in advance


How to prevent SQL injection? - El Forum - 01-04-2013

[eluser]PhilTem[/eluser]
Use CI's AR class, use the db->escape method, or perform query bindings. Code examples can be found in the user's guide.


How to prevent SQL injection? - El Forum - 01-04-2013

[eluser]Unknown[/eluser]
[quote author="Volkof" date="1357301854"]Hi all,

Is there a way to prevent SQL injection? In my view, I have a textarea to enter comments, but if the user enters something like

Code:
You know what, I'm sure this review is fine

You can see that there is an apostrophe. Then this is gonna cause a syntax error in my model:

Code:
$sql = "INSERT INTO Comment (comment, userID, reviewID)

Thanks in advance[/quote]

Simply do,

Code:
$this->db->query("INSERT INTO Comment (comment, userID, reviewID)
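The three options PhilTem lists, worked through as an added example in a CodeIgniter 2.x model (this is not code from the thread or from CodeIgniter itself): the table and column names are the ones in the question, while the model name, method names and the concatenated "unsafe" form are assumptions.

```php
<?php
// Added example (not from the thread or the CodeIgniter project): a CI 2.x
// model showing the three options PhilTem names. Table/column names come
// from the question; the model, method names and add_unsafe() are assumed.
class Comment_model extends CI_Model {

    // UNSAFE: string concatenation. An apostrophe in $comment ends the
    // literal early, so the statement fails or changes meaning.
    public function add_unsafe($comment, $user_id, $review_id)
    {
        $sql = "INSERT INTO Comment (comment, userID, reviewID) "
             . "VALUES ('$comment', '$user_id', '$review_id')";
        return $this->db->query($sql);
    }

    // Option 1: query bindings. Each ? is replaced by the escaped value, so
    // "I'm sure this review is fine" is stored verbatim.
    public function add_with_bindings($comment, $user_id, $review_id)
    {
        $sql = "INSERT INTO Comment (comment, userID, reviewID) VALUES (?, ?, ?)";
        return $this->db->query($sql, array($comment, (int) $user_id, (int) $review_id));
    }

    // Option 2: $this->db->escape() quotes and escapes a string for the
    // active driver (integers are returned as-is); use it when you must
    // build the SQL string yourself.
    public function add_with_escape($comment, $user_id, $review_id)
    {
        $sql = "INSERT INTO Comment (comment, userID, reviewID) VALUES ("
             . $this->db->escape($comment) . ", "
             . $this->db->escape((int) $user_id) . ", "
             . $this->db->escape((int) $review_id) . ")";
        return $this->db->query($sql);
    }

    // Option 3: Active Record. insert() escapes every value in the array.
    public function add_with_ar($comment, $user_id, $review_id)
    {
        $data = array(
            'comment'  => $comment,
            'userID'   => (int) $user_id,
            'reviewID' => (int) $review_id,
        );
        return $this->db->insert('Comment', $data);
    }
}
```

With bindings or Active Record the driver's escaping runs on every value, so the apostrophe in the sample comment is stored as data rather than terminating the string literal, which is the defect the question describes.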