CodeIgniter Forums
SQLIA on CI - Printable Version




SQLIA on CI - davy_yg - 07-09-2018

Hello,

I am doing a thesis on SQL injection in PHP and CodeIgniter.

After reading this tutorial: https://www.roytuts.com/prevent-sql-injection-in-codeigniter/

I wonder if any CI-based website can be SQL injected?

Any clue?

It seems like all the queries must follow one of the following rules:

1) Escaping Queries
2) Query Bindings
3) Active Record

Is it possible to create query models that do not follow those rules in CodeIgniter? Which can be SQL injected?

Any advice?

Thanks in advance.


RE: SQLIA on CI - php_rocs - 07-09-2018

@davy_yg,

Any website/framework can be SQL injected if programming best practices are not followed. Ultimately, it is up to the developer to follow best programming practices to prevent it from happening.
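
Added example, not part of the original thread and not code from either poster: a CodeIgniter 3 model showing that the framework still accepts a hand-concatenated query, next to the three approaches listed in the question. The model name, the `users` table and its columns are assumptions made for illustration.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical model; the table and column names are assumed for this example.
class User_model extends CI_Model
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
    }

    // VULNERABLE: follows none of the three rules. The input is pasted into
    // the SQL text, so a quote character in $username changes the statement.
    // CodeIgniter runs this string as-is; nothing in the framework stops it.
    public function find_by_name_unsafe($username)
    {
        $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
        return $this->db->query($sql)->result_array();
    }

    // 1) Escaping: escape() quotes and escapes the value for the active driver.
    public function find_by_name_escaped($username)
    {
        $sql = 'SELECT id, username FROM users WHERE username = '
             . $this->db->escape($username);
        return $this->db->query($sql)->result_array();
    }

    // 2) Query bindings: each ? is replaced by an escaped value from the array.
    public function find_by_name_bound($username)
    {
        $sql = 'SELECT id, username FROM users WHERE username = ?';
        return $this->db->query($sql, array($username))->result_array();
    }

    // 3) Query Builder (Active Record): values passed to where clauses
    // are escaped automatically.
    public function find_by_name_builder($username)
    {
        return $this->db
            ->select('id, username')
            ->get_where('users', array('username' => $username))
            ->result_array();
    }
}
```

When reviewing a CodeIgniter code base, calls to `$this->db->query()` whose SQL string is built with `.` or variable interpolation and no bindings array are the ones to inspect first.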