+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: SQLIA on CI (/showthread.php?tid=71121)
SQLIA on CI - davy_yg - 07-09-2018
Hello,
I am doing a Thesis on SQL injection in php and codeigniter.
After reading this tutorial: https://www.roytuts.com/prevent-sql-injection-in-codeigniter/
I wonder if any ci based website can be sql injected ?
Any clue ?
It seems like all the queries must follow on of the following rules:
1) Escaping Queries
2) Query Bindings
3) Active Record
Is it possible to create queries model that do not follow those rules in codeigniter? Which can be sql injected ?
Any advice ?
Thanks in advance.
RE: SQLIA on CI - php_rocs - 07-09-2018
@davy_yg,
Any website/framework can be sql injected if programming best practices are not followed. Ultimately, it is up to the developer to follow best programming practices to prevent it from happening.