SQLIA on CI - davy_yg - 07-09-2018


I am doing a thesis on SQL injection in PHP and CodeIgniter.

After reading this tutorial:

I wonder if any CI-based website can be SQL injected?

Any clue ?

It seems like all the queries must follow one of the following rules:

1) Escaping Queries
2) Query Bindings
3) Active Record

Is it possible to create query models that do not follow those rules in CodeIgniter? Which can be SQL injected?

Any advice ?

Thanks in advance.

RE: SQLIA on CI - php_rocs - 07-09-2018


Any website/framework can be SQL injected if programming best practices are not followed. Ultimately, it is up to the developer to follow best programming practices to prevent it from happening.
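As an added illustration of both posts above (this is example code written for this thread, not code from CodeIgniter or from either poster), the model below shows the three safe patterns the question lists next to the unsafe pattern the reply warns about. It assumes CodeIgniter 3.x and a hypothetical `users` table with `id`, `username` and `email` columns; the method names are made up for the example.

```php
<?php
// Added example for this thread; not part of the CodeIgniter project.
// Assumes CodeIgniter 3.x and a hypothetical `users` table.
defined('BASEPATH') OR exit('No direct script access allowed');

class User_model extends CI_Model
{
    // UNSAFE: the framework does not stop you from writing this. The raw
    // request value is spliced into the SQL string, so any quote character
    // or SQL syntax in $username changes the meaning of the query.
    public function find_by_username_unsafe($username)
    {
        $sql = "SELECT id, username, email FROM users WHERE username = '" . $username . "'";
        return $this->db->query($sql)->row();
    }

    // Rule 1: escaping. $this->db->escape() adds the surrounding quotes and
    // escapes the value, so do not wrap it in quotes yourself.
    public function find_by_username_escaped($username)
    {
        $sql = "SELECT id, username, email FROM users WHERE username = "
             . $this->db->escape($username);
        return $this->db->query($sql)->row();
    }

    // Rule 2: query bindings. Every ? is replaced with an escaped copy of
    // the matching array element; the SQL text itself never contains user input.
    public function find_by_username_bound($username)
    {
        $sql = "SELECT id, username, email FROM users WHERE username = ?";
        return $this->db->query($sql, array($username))->row();
    }

    // Rule 3: Active Record / Query Builder. Values given to where() as the
    // second argument are escaped for you.
    public function find_by_username_qb($username)
    {
        return $this->db->where('username', $username)
                        ->get('users')
                        ->row();
    }

    // Caveat: Query Builder only escapes what it knows is a value. A whole
    // WHERE clause passed as one string is inserted verbatim, which puts this
    // method back in the same position as find_by_username_unsafe().
    // Passing FALSE as the third argument of where() also disables escaping.
    public function find_by_username_qb_unsafe($username)
    {
        return $this->db->where("username = '" . $username . "'")
                        ->get('users')
                        ->row();
    }
}
```

When reviewing a CodeIgniter code base for this, the things to grep for are string concatenation inside `$this->db->query()` calls, `where()`/`like()`/`order_by()` calls that receive a single assembled string, and a literal `FALSE` passed as the escape argument. Note that CI3 bindings and `escape()` are client-side escaping rather than server-side prepared statements, and neither mechanism can protect identifiers (table or column names, `ORDER BY` columns); those must be checked against an allow-list in your own code.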