How to prevent SQL injection?
[eluser]Volkof[/eluser]
Hi all, is there a way to prevent SQL injection? In my view, I have a textarea to enter comments, but if the user enters something like

Code:
You know what, I'm sure this review is fine

You can see that there is an apostrophe. Then this is gonna cause a syntax error in my model:

Code:
$sql = "INSERT INTO Comment (comment, userID, reviewID)

Thanks in advance
[eluser]PhilTem[/eluser]
Use CI's AR class, use the db->escape method, or perform query bindings. Code examples can be found in the user guide.
[eluser]Unknown[/eluser]
[quote author="Volkof" date="1357301854"]Hi all, is there a way to prevent SQL injection? In my view, I have a textarea to enter comments, but if the user enters something like

Code:
You know what, I'm sure this review is fine

You can see that there is an apostrophe. Then this is gonna cause a syntax error in my model:

Code:
$sql = "INSERT INTO Comment (comment, userID, reviewID)

Thanks in advance[/quote]

Simply do,

Code:
$this->db->query("INSERT INTO Comment (comment, userID, reviewID)
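The three options named in the replies above (concatenation that breaks on the apostrophe, query binding, and escaping), as an added example that is not code from the thread. It uses PDO with an in-memory SQLite database so it runs without CodeIgniter; CI's `$this->db->query($sql, $binds)` uses the same `?` placeholders, and `PDO::quote()` plays the role of `$this->db->escape()`. The table and the comment/userID/reviewID values are constructed from the poster's description.

```php
<?php
// Added example, not from the thread. PDO + in-memory SQLite so it runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Comment (comment TEXT, userID INTEGER, reviewID INTEGER)');

// Constructed input: the apostrophe is the character that broke the poster's query.
$comment  = "You know what, I'm sure this review is fine";
$userID   = 7;   // constructed value
$reviewID = 42;  // constructed value

// 1. Vulnerable: building the statement by string concatenation. The apostrophe
//    closes the string literal early, so the insert fails, and input chosen by
//    the user would be interpreted as SQL rather than as a comment.
function insertUnsafe(PDO $pdo, string $comment, int $userID, int $reviewID): bool {
    $sql = "INSERT INTO Comment (comment, userID, reviewID) "
         . "VALUES ('$comment', $userID, $reviewID)";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false;  // syntax error: the literal ended at the apostrophe
    }
}

// 2. Safe: query binding. Values travel separately from the SQL text, so the
//    apostrophe is data, never syntax. This is what CI's query bindings do.
function insertBound(PDO $pdo, string $comment, int $userID, int $reviewID): bool {
    $stmt = $pdo->prepare(
        'INSERT INTO Comment (comment, userID, reviewID) VALUES (?, ?, ?)'
    );
    return $stmt->execute([$comment, $userID, $reviewID]);
}

// 3. Also safe when you must build the string yourself: quote/escape the value
//    with the driver's own routine (CI: $this->db->escape()) and cast the ints.
function insertEscaped(PDO $pdo, string $comment, int $userID, int $reviewID): bool {
    $sql = 'INSERT INTO Comment (comment, userID, reviewID) VALUES ('
         . $pdo->quote($comment) . ', ' . (int) $userID . ', ' . (int) $reviewID . ')';
    return $pdo->exec($sql) === 1;
}

var_dump(insertUnsafe($pdo, $comment, $userID, $reviewID));
var_dump(insertBound($pdo, $comment, $userID, $reviewID));
var_dump(insertEscaped($pdo, $comment, $userID, $reviewID));
// Both safe variants stored the comment with its apostrophe intact.
foreach ($pdo->query('SELECT comment FROM Comment') as $row) {
    echo $row['comment'], PHP_EOL;
}
```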