ActiveRecord set/update/select not escaping
#2

DODMax
It happens to me too (CI 1.7.2)
I did not test more than that, but it seems that in some cases CI is only escaping the identifiers during the first query. It may come from the driver (MySQL in my case), as it seems the escape_str() function is loaded dynamically according to the driver.

My solution was to change the column names; however, this looks like a huge security risk.
Haven't found many more resources on that :(


Messages In This Thread
ActiveRecord set/update/select not escaping - by El Forum - 03-25-2009, 08:40 PM
ActiveRecord set/update/select not escaping - by El Forum - 02-25-2011, 02:45 AM
ActiveRecord set/update/select not escaping - by El Forum - 02-25-2011, 04:40 AM
ActiveRecord set/update/select not escaping - by El Forum - 02-25-2011, 11:30 AM


