SQL injection attack
#6

Pert
Actually I'll take that back, sort of.

Depends how you set up your AR call.

If it's a weird query, and you need to do multiple OR statements and whatnot, you have the option to not parse strings.

Code:
$this->db->where('((table_a.col_1 = table_b.col_2 OR table_c.col_2 = table_a.col_2) OR (...))', null, false);

But that said, it's unlikely that someone spent so much time trying to find issues with your application.

It's more likely that they managed to get into your server through a known cPanel vulnerability, for example, or that some UPDATE functions were wrong. I kid you not, I've seen servers hacked into 2 hours after they were completely re-installed, with a login using the correct root password, all because cPanel was not up to date.

So do a quick query check on the forgotten password feature (put in some injection code, print out the SQL queries that are run), but you should be ready to investigate further on the server side.
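
The query check suggested in the post above, as an added example that is not part of the original thread: a CodeIgniter model contrasting a `where()` call with escaping turned off against escaped and bound versions, logging the SQL each one runs via `last_query()`. The `Reset_model` name, the `users` table and the `email` column are assumptions made for illustration.

```php
<?php
// Added example: hypothetical CodeIgniter model. Table `users` and column
// `email` are assumptions, not taken from the thread.
class Reset_model extends CI_Model
{
    // Unsafe: the third argument FALSE tells Active Record not to escape,
    // so the request value is concatenated into the WHERE clause as-is.
    public function find_unescaped($email)
    {
        $this->db->where("(users.email = '" . $email . "')", null, false);
        $query = $this->db->get('users');
        log_message('debug', 'unescaped: ' . $this->db->last_query());
        return $query->row();
    }

    // Hand-written condition with escaping still off, but the value goes
    // through $this->db->escape(), which quotes and escapes it.
    public function find_escaped($email)
    {
        $this->db->where('(users.email = ' . $this->db->escape($email) . ')', null, false);
        $query = $this->db->get('users');
        log_message('debug', 'escaped: ' . $this->db->last_query());
        return $query->row();
    }

    // Query bindings: the driver escapes each value bound to a "?".
    public function find_bound($email)
    {
        $sql = 'SELECT * FROM users WHERE (email = ? OR email = ?)';
        $query = $this->db->query($sql, array($email, strtolower($email)));
        log_message('debug', 'bound: ' . $this->db->last_query());
        return $query->row();
    }
}
```

Calling each method with a constructed test value that contains a single quote, such as `o'brien@example.com`, and comparing the logged queries shows which code path passes the quote through unescaped.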

