How to handle SQL Injection
[eluser]Unknown[/eluser]
How to handle SQL injection in CodeIgniter? Many thanks.
[eluser]GSV Sleeper Service[/eluser]
'query bindings' are probably the best way to go. http://ellislab.com/codeigniter/user-gui...eries.html
[eluser]johnwbaxter[/eluser]
http://en.wikipedia.org/wiki/SQL_injection Then go down the page until you get to "Prepared Statements". Using active record will help too.
[eluser]bijon[/eluser]
You can handle SQL Injection by Escaping Queries in CI using $this->db->escape(). You can find the details about Escaping Queries here. Cheers, Saidur Rahman http://saidur.wordpress.com
[eluser]johnwbaxter[/eluser]
If you use active record it does this for you automatically.
[eluser]Xeoncross[/eluser]
If you want to understand more about SQL injection you can watch a movie I did on PHP Security. It covers what to expect from SQL injection attacks. Also, I second "Prepared Statements" as a good way to go.
[eluser]ngocthai[/eluser]
Do not use $this->db->escape(). You must use $this->db->escape_str().