SQL Injection problem - Printable Version
+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: SQL Injection problem (/showthread.php?tid=70172)
SQL Injection problem - ChrisPL - 03-04-2018

I'm a beginner with CodeIgniter and I got stuck on a problem with counting. I try to count records in my database using the code below:

$count = $this->db->where(['title'=> $this->input->post('title'), 'name'=> $this->input->post('name')])->from("table")->count_all_results();

Then I check the query in development using the code below:

echo $this->db->last_query();

Everything is ok if I send data like title: test1 and name: test2:

SELECT COUNT(*) AS `numrows` FROM `table` WHERE `title` = 'test1' AND `name` = 'test2'

But if I send data similar to SQL injection: test1 AND id = 1' it changes to:

SELECT COUNT(*) AS `numrows` FROM `table` WHERE `opis` = 'test1 AND `id` = 1\'' AND `nazwisko` = 'test2'

How to prevent changing id to `id` in this query? If I send data "test1 ANDY = 1' the query is without ` around id.

RE: SQL Injection problem - Kmycic - 03-05-2018

Maybe it will help you: https://stackoverflow.com/questions/1615792/does-codeigniter-automatically-prevent-sql-injection
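The following is an added example, not code from the thread or from CodeIgniter. It reproduces ChrisPL's test on a constructed in-memory SQLite table (columns title and name, two sample rows) using Python's sqlite3 module instead of the CodeIgniter query builder, and compares three ways of building the same COUNT query with the input from the question: splicing the raw value into the SQL text, quoting it with an escape routine, and passing it as a bound parameter. The escaping here doubles single quotes (the SQL standard form; MySQL, as in the thread's `1\'`, backslash-escapes instead).

```python
import sqlite3

# Constructed sample data (not from the thread): two rows in a table with the
# two columns the question filters on.
ROWS = [("test1", "test2"), ("other", "test2")]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, title TEXT, name TEXT)")
    conn.executemany("INSERT INTO t (title, name) VALUES (?, ?)", ROWS)
    return conn


def count_concatenated(conn, title, name):
    """Unsafe: the user-supplied values are spliced straight into the SQL text.
    Returns the row count, or an 'error: ...' string when the input breaks
    the statement (a stray quote is enough to do that)."""
    sql = f"SELECT COUNT(*) FROM t WHERE title = '{title}' AND name = '{name}'"
    try:
        return conn.execute(sql).fetchone()[0]
    except sqlite3.Error as exc:
        return f"error: {exc}"


def quote_literal(value):
    """Turn a string into a SQL string literal by doubling embedded quotes.
    This is what a query builder's value escaping does conceptually; the
    thread's MySQL output shows the backslash variant (1\\')."""
    return "'" + value.replace("'", "''") + "'"


def count_escaped(conn, title, name):
    """Safe as long as every value goes through quote_literal: the quote in
    the input becomes part of the literal, not a statement terminator."""
    sql = (
        "SELECT COUNT(*) FROM t WHERE title = "
        + quote_literal(title)
        + " AND name = "
        + quote_literal(name)
    )
    return conn.execute(sql).fetchone()[0]


def count_bound(conn, title, name):
    """Preferred: values are sent as parameters, so the SQL structure is
    fixed and the input can only ever be compared as data."""
    sql = "SELECT COUNT(*) FROM t WHERE title = ? AND name = ?"
    return conn.execute(sql, (title, name)).fetchone()[0]


def demo():
    """Run all three variants with a normal input and with the input from
    the question; returns the results keyed by variant."""
    conn = make_db()
    normal = ("test1", "test2")
    # The exact value ChrisPL posted for the title field.
    hostile = ("test1 AND id = 1'", "test2")
    return {
        "concat_normal": count_concatenated(conn, *normal),
        "concat_hostile": count_concatenated(conn, *hostile),
        "escaped_normal": count_escaped(conn, *normal),
        "escaped_hostile": count_escaped(conn, *hostile),
        "bound_normal": count_bound(conn, *normal),
        "bound_hostile": count_bound(conn, *hostile),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the normal input all three variants return 1. With the input from the question, plain concatenation produces a malformed statement and errors out, while both the escaped and the bound variant return 0: the whole string "test1 AND id = 1'" is compared against the title column as one value and matches nothing. The same reading applies to the query ChrisPL printed: everything between the outer single quotes, backticks included, is part of one string literal, so the database compares it as data rather than treating `id` as a column reference, and the `\'` shows the closing quote was escaped rather than left to end the literal.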