SQLIA on CI - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: SQLIA on CI (/showthread.php?tid=71121)

SQLIA on CI - davy_yg - 07-09-2018

Hello,

I am doing a thesis on SQL injection in PHP and CodeIgniter.

After reading this tutorial: https://www.roytuts.com/prevent-sql-injection-in-codeigniter/

I wonder if any CI-based website can be SQL injected? Any clue?

It seems like all the queries must follow one of the following rules:

1) Escaping Queries
2) Query Bindings
3) Active Record

Is it possible to create queries model that do not follow those rules in CodeIgniter? Which can be SQL injected?

Any advice?

Thanks in advance.

RE: SQLIA on CI - php_rocs - 07-09-2018

@davy_yg, Any website/framework can be SQL injected if programming best practices are not followed. Ultimately, it is up to the developer to follow best programming practices to prevent it from happening.
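
The three rules listed in the question, next to a query that follows none of them, as an added example that is not part of the thread or of the linked tutorial. It assumes a CodeIgniter 3 application with the database library loaded; the model name, the `users` table and the `username` column are hypothetical.

```php
<?php
// Added example: hypothetical CodeIgniter 3 model. The `users` table and
// `username` column are assumptions, not taken from the thread.
class User_model extends CI_Model
{
    // UNSAFE: follows none of the three rules. $name is concatenated into
    // the SQL text, so the database parses its characters as SQL syntax
    // instead of treating them as a value.
    public function find_unsafe($name)
    {
        $sql = "SELECT id, username FROM users WHERE username = '" . $name . "'";
        return $this->db->query($sql)->row_array();
    }

    // Rule 1, escaping: escape() adds the surrounding quotes and escapes
    // the value for the active database driver.
    public function find_escaped($name)
    {
        $sql = 'SELECT id, username FROM users WHERE username = '
             . $this->db->escape($name);
        return $this->db->query($sql)->row_array();
    }

    // Rule 2, query bindings: each ? is replaced by the matching array
    // element, which CodeIgniter escapes before the query is sent.
    public function find_bound($name)
    {
        $sql = 'SELECT id, username FROM users WHERE username = ?';
        return $this->db->query($sql, array($name))->row_array();
    }

    // Rule 3, Query Builder (named Active Record in CodeIgniter 2):
    // values passed in the where array are escaped automatically.
    public function find_builder($name)
    {
        return $this->db->select('id, username')
                        ->get_where('users', array('username' => $name))
                        ->row_array();
    }
}
```

In code review, the pattern to flag is any `query()` call whose SQL string is assembled with `.` or variable interpolation from request data, as in `find_unsafe()`.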