[eluser]Iván Argulo[/eluser]
Hi! I don't know for sure if this is a bug, but I'm having trouble with the HAVING clause in Active Record.
Well, let's see the code:
First I have to say that $value is XSS-filtered by default, but it has the value '% 28' (without the space). Let's say a malicious user is trying to hack our application.
Code:
$this->db->select('*');
$this->db->from('table_name');
$this->db->having('field', $value);
It crashes saying:
Code:
`table_name`.`field` = \'
But if I use where instead of having,
Code:
$this->db->select('*');
$this->db->from('table_name');
$this->db->where('field', $value);
this is the correct output:
Code:
WHERE `table_name`.`field` = '\''
Am I doing something wrong?
Thanks in advance.
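Added example, not part of the original post and not CodeIgniter's own code: two ways to get a HAVING comparison on a user-supplied value without relying on having() to escape it. The security point is that XSS filtering (which the poster already has) says nothing about SQL quoting; the value still has to be escaped for the database, either by query bindings or by $this->db->escape(). The table and column names are the placeholders from the post, $db is assumed to be the loaded CodeIgniter database object, and the query()-with-bindings, escape() and last_query() calls are the standard CodeIgniter 1.x/2.x database API.

```php
<?php
// Added example (not from the original post or from CodeIgniter).
// $db is assumed to be the loaded CodeIgniter database object ($this->db
// inside a controller or model). `table_name` and `field` are the
// placeholders used in the post above.

// 1. Query bindings: every "?" is replaced by the escaped value, so the
//    driver decides how quotes and other special characters are rendered.
//    The value never reaches the SQL string through plain concatenation.
function rows_by_field($db, $value)
{
    $sql = "SELECT * FROM `table_name` GROUP BY `field` HAVING `field` = ?";
    $query = $db->query($sql, array($value));
    return $query->result();
}

// 2. Explicit escaping: escape() returns the value wrapped in quotes with
//    special characters escaped (a lone quote becomes '\''), so the fragment
//    can be concatenated into a raw query safely.
function having_fragment($db, $value)
{
    return "HAVING `field` = " . $db->escape($value);
}

// 3. Sanity check for a value like the one in the post: render the query and
//    log the SQL that was actually sent, so an unescaped quote shows up in
//    the log instead of in a database error (or an injection).
function check_rendered_sql($db, $value)
{
    rows_by_field($db, $value);
    $sent = $db->last_query();
    log_message('debug', 'HAVING query sent: ' . $sent);
    return $sent;
}
```

Compare the string returned by check_rendered_sql() with the broken output in the post: with bindings the value '%28' (or a stray quote) arrives inside a properly closed literal, which is exactly what where() produced and having() did not.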