SQL Injections - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Best Practices (https://forum.codeigniter.com/forumdisplay.php?fid=12)
+--- Thread: SQL Injections (/showthread.php?tid=86260)
SQL Injections - miscapu - 01-24-2023

I would like to know whether the Query Builder class is safe in terms of SQL injection. How should it be used correctly to avoid these attacks?

I have this situation:

Code:
$product = $this->productModel->asObject()->find( $id );

And this other:

Code:
$sql = 'SELECT * FROM products WHERE id = ?';
// the ? placeholder is filled by passing the value as a bind, e.g. $db->query($sql, [$id]);

Which would be the safest?

RE: SQL Injections - kenjis - 01-24-2023

find() is not a Query Builder method. It is a Model method.

If you want to make your app safe, validate all user input before passing it to DB/QB/Model objects.
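Added example, not code from the thread or from the CodeIgniter project: the product lookup from the question done with the Model, with the Query Builder, and with a bound raw query, after validating the id as kenjis suggests. It assumes a CodeIgniter 4 app with a `products` table (integer `id` column), an `App\Models\ProductModel`, and a controller extending the skeleton's `BaseController`.

```php
<?php
// Added example (not from the thread): the same lookup written three safe
// ways in CodeIgniter 4, plus the two forms that put user input into the SQL text.
// Assumes a `products` table with an integer `id` column, an App\Models\ProductModel,
// and the CI4 app skeleton's BaseController.

namespace App\Controllers;

use App\Models\ProductModel;

class Products extends BaseController
{
    public function show()
    {
        // 1. Validate first (kenjis's advice): reject anything that is not a
        //    positive integer before it reaches the database layer at all.
        if (! $this->validate(['id' => 'required|is_natural_no_zero'])) {
            return $this->response->setStatusCode(400)->setBody('invalid id');
        }
        $id = (int) $this->request->getGet('id');
        $db = \Config\Database::connect();

        // 2. Model: find() binds the primary-key value; nothing from $id is
        //    spliced into the SQL string.
        $viaModel = model(ProductModel::class)->asObject()->find($id);

        // 3. Query Builder: the two-argument where('id', $id) treats $id as a
        //    value and escapes/binds it.
        $viaBuilder = $db->table('products')->where('id', $id)->get()->getRowObject();

        // 4. Raw SQL with a ? placeholder: the value travels separately as a
        //    bind, so a quote or an "OR 1=1" inside $id stays a literal string.
        $viaQuery = $db->query('SELECT * FROM products WHERE id = ?', [$id])->getRowObject();

        // What NOT to do: concatenating $id into the SQL, or handing where() a
        // single pre-built string, places the input inside the query itself.
        // The validation above would still block it, but do not rely on that alone.
        //   $db->query("SELECT * FROM products WHERE id = " . $id);
        //   $db->table('products')->where("id = $id")->get();

        return $this->response->setJSON([
            'model'   => $viaModel,
            'builder' => $viaBuilder,
            'query'   => $viaQuery,
        ]);
    }
}
```

All three safe forms produce the same row for a valid id; the point is that in each of them the value is bound or escaped by the framework rather than written into the SQL text.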