Help to avoid SQL injection attack
[eluser]Unknown[/eluser]
Would you please guide me to secure my query? Here is the query:
Quote: $id=$_GET['id'];
Do you think it's secure now?
Quote: $id = mysql_real_escape_string($_GET['id']);
[eluser]Bart v B[/eluser]
That can be much simpler. Use Active Records.
Code: function GetData()
[eluser]CodeIgniteMe[/eluser]
+1 vote for Bart v B's answer. Only trimmed some redundant code:
Code: function GetData()
[eluser]Bart v B[/eluser]
[quote author="CodeIgniteMe" date="1312784824"]+1 vote for Bart v B's answer. Only trimmed some redundant code:
Code: function GetData()
Pssst... Where is $q coming from?
Code: function GetData()
[eluser]CodeIgniteMe[/eluser]
haha sorry, I didn't see that. I only used your code as a reference :coolsmirk:
[eluser]CodeIgniteMe[/eluser]
[quote author="Bart v B" date="1312855066"]
Code: function GetData()
And one more thing to clean up. You don't need to include the select keyword in the statement:
Code: $this->db->select('select title,picture,news');
Code: $this->db->select('title,picture,news');
[eluser]CodeIgniteMe[/eluser]
Or to make it all so short:
Code: function get_data()
Only works with PHP >= 5.0 (Method Chaining)
[eluser]P.T.[/eluser]
Code: function get_data()
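
Added example, not code from any poster in this thread: the same lookup by `$_GET['id']` written with an integer check and a bound parameter, using plain PDO instead of CodeIgniter so it runs on its own. The table name `news`, the sample rows, the function name `get_news_by_id` and the use of in-memory SQLite (`pdo_sqlite`) are assumptions; the columns are the ones from the `select()` call above.

```php
<?php
// Added example. Table name, rows and function name are constructed.
// Note on the original question: mysql_real_escape_string() only escapes
// quote and control characters, so it protects a value placed inside
// quotes in the SQL text, not a bare numeric id. Validation plus binding
// covers both cases.

function get_news_by_id(PDO $db, $rawId)
{
    // 1. Validate: the id must be a positive integer, anything else is rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Bind: the value is sent separately from the SQL text, so it is
    //    never parsed as part of the statement.
    $stmt = $db->prepare('SELECT title, picture, news FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, picture TEXT, news TEXT)');
$db->exec("INSERT INTO news (title, picture, news) VALUES
    ('First post', 'a.png', 'Hello'),
    ('Second post', 'b.png', 'World')");

// Constructed stand-ins for $_GET['id']: one valid id, malformed values,
// and a well-formed id that matches no row.
$samples = ['2', '2 OR 1=1', "2'", '', '-1', '99'];
foreach ($samples as $raw) {
    $row = get_news_by_id($db, $raw);
    printf("%-12s => %s\n", var_export($raw, true), $row ? $row['title'] : 'rejected or not found');
}
```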