Possible Bug in Active Record - Having clause
#1

[eluser]Iván Argulo[/eluser]
Hi! I don't know for sure if this is a bug, but I'm having troubles with the Having clause in Active Record.

Well, let's see the code:

First I have to say that $value is XSS-filtered by default, but it has the value '% 28' (without space). Let's say a malicious user is trying to hack our application.

Code:
$this->db->select('*');
$this->db->from('table_name');
$this->db->having('field', $value);

It crashes saying:
Code:
`table_name`.`field` = \'

But if I use where instead of having,
Code:
$this->db->select('*');
$this->db->from('table_name');
$this->db->where('field', $value);

this is the correct output:
Code:
WHERE `table_name`.`field` = '\''

Am I doing something wrong?

Thanks in advance
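The two outputs in the post differ in one detail: `where()` produced a quoted literal (`'\''`), while `having()` produced the backslash-escaped value with no surrounding quotes (`\'`). The following is an added example, not CodeIgniter's code and not the poster's; it assumes the two outputs come from a "backslash-escape only" path and an "escape and quote" path (modelled here as `escape_str` and `escape`, names chosen to mirror the generic driver methods, but the implementations are my own) and shows why the unquoted variant is not just a syntax error for a lone quote character: a value with no quote characters at all passes through unchanged and is parsed as SQL, not as a string. The field name, the sample values and `rhs_is_single_literal` are constructed for the demonstration.

```python
import re

# Minimal model of "escape only": backslash the characters MySQL treats
# specially inside a string literal, but add NO surrounding quotes.
# (Assumption: this is what produced the post's `\'` output.)
_ESCAPES = {
    "\\": "\\\\", "'": "\\'", '"': '\\"',
    "\0": "\\0", "\n": "\\n", "\r": "\\r", "\x1a": "\\Z",
}


def escape_str(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


# Minimal model of "escape and quote": the form a safe string literal needs.
# (Assumption: this is what produced the post's `'\''` output.)
def escape(value) -> str:
    if value is None:
        return "NULL"
    if isinstance(value, bool):
        return "1" if value else "0"
    if isinstance(value, (int, float)):
        return str(value)
    return "'" + escape_str(str(value)) + "'"


def build_where(field: str, value) -> str:
    """Quoted literal on the right-hand side (matches the post's WHERE output)."""
    return f"WHERE `{field}` = {escape(value)}"


def build_having_unquoted(field: str, value: str) -> str:
    """Escaped but unquoted right-hand side (matches the post's HAVING output)."""
    return f"HAVING `{field}` = {escape_str(value)}"


def build_having_quoted(field: str, value) -> str:
    """What the HAVING clause should look like if the value is quoted like WHERE."""
    return f"HAVING `{field}` = {escape(value)}"


def rhs_is_single_literal(clause: str) -> bool:
    """Check that everything after ' = ' is exactly one quoted string or one number.

    Constructed helper: a quick way to see whether user input ended up as a
    literal (safe) or as free SQL text (injectable)."""
    _, _, rhs = clause.partition(" = ")
    if rhs.startswith("'"):
        i = 1
        while i < len(rhs):
            if rhs[i] == "\\":      # skip the escaped character
                i += 2
                continue
            if rhs[i] == "'":       # closing quote must be the last character
                return i == len(rhs) - 1
            i += 1
        return False                # never closed
    return re.fullmatch(r"-?\d+(\.\d+)?", rhs) is not None


if __name__ == "__main__":
    # The value from the post: a single quote character.
    for build in (build_where, build_having_unquoted, build_having_quoted):
        sql = build("field", "'")
        print(f"{sql!r:40} literal={rhs_is_single_literal(sql)}")
    # A value with no quote characters: escape_str leaves it untouched.
    for build in (build_where, build_having_unquoted, build_having_quoted):
        sql = build("field", "1 OR 1=1")
        print(f"{sql!r:40} literal={rhs_is_single_literal(sql)}")
```

Running it shows the single quote producing the two strings from the post, and the quote-free value surviving the unquoted path verbatim (`HAVING `field` = 1 OR 1=1`), which is why a value that only gets escaped, never quoted, needs the quotes added by the caller or by the query builder before it reaches the database.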


Messages In This Thread
Possible Bug in Active Record - Having clause - by El Forum - 03-13-2009, 02:58 AM
