can't write strings to database
#2

[eluser]CroNiX[/eluser]
Don't strings need to be quoted going into the database? Yours isn't. Numbers don't need to be, so that's why they work ok.

You're also not escaping your variables, which is not good and leaves you open to SQL injection. Always escape variables in manual queries, or better yet, use Active Record or query bindings, which escape all variables automatically. A hacker could easily change your query string, just sitting there openly in the URL, enter some SQL commands there, and your code would execute it blindly; they could take your site over, get a list of users/passwords, or whatever. Not good.


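As an added example (not code from this thread or from the CodeIgniter project), here is the pattern CroNiX describes: the unquoted, unescaped string spliced into an INSERT, next to the same insert written with `$this->db->escape()`, with query bindings, and with Active Record as they exist in CodeIgniter 2. The controller, the `users` table and its `name`/`age` columns are assumptions made for the example.

```php
<?php
// Added example, not from the thread. Assumes a CodeIgniter 2 controller
// with the database library loaded; table and column names are made up.

class Users extends CI_Controller
{
    public function add()
    {
        // Values taken straight from the query string, e.g. ?name=Bob&age=42
        $name = $this->input->get('name');
        $age  = $this->input->get('age');

        // 1) The broken pattern: the string is not quoted and nothing is
        //    escaped. MySQL reads Bob as a column name, so strings fail
        //    while numbers like 42 appear to "work". Whatever a visitor
        //    puts in ?name= becomes part of the SQL that is executed.
        $sql_bad = "INSERT INTO users (name, age) VALUES ($name, $age)";
        // $this->db->query($sql_bad);   // do not run this

        // 2) Manual query done properly: escape() returns the value both
        //    quoted and escaped, so the literal is valid and safe.
        $sql_ok = "INSERT INTO users (name, age) VALUES ("
                . $this->db->escape($name) . ", "
                . $this->db->escape($age) . ")";
        // $this->db->query($sql_ok);

        // 3) Query bindings: ? placeholders, values passed separately.
        //    CodeIgniter quotes and escapes each bound value itself.
        $this->db->query(
            "INSERT INTO users (name, age) VALUES (?, ?)",
            array($name, $age)
        );
    }

    public function add_ar()
    {
        // 4) Active Record: no SQL string to assemble at all; every value
        //    in the array is escaped and quoted for you.
        $this->db->insert('users', array(
            'name' => $this->input->get('name'),
            'age'  => $this->input->get('age'),
        ));
    }
}
```

Variants 2, 3 and 4 all produce the quoted literal `'Bob'` that the raw string in variant 1 lacks, and none of them lets the contents of `?name=` alter the statement itself; pick one and use it consistently rather than mixing raw concatenation with escaped values.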
Messages In This Thread
can't write strings to database - by El Forum - 07-14-2012, 11:11 AM


