Help me become a better developer!
#3

[eluser]Rick Jolly[/eluser]
Two things come to mind:

1. escape your sql
Code:
// you could let CI escape your sql automatically by using query bindings:
$sql = "SELECT * FROM awNewsComments WHERE comments_news_id = ? ORDER BY comments_id DESC";
$this->db->query($sql, array($news_id));

2. beware of sql injection. For example, you could verify that $news_id is a number (and therefore you would know $news_id isn't some malicious sql). EDIT: Ah, you checked for a number, sorry I missed it the first time.
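A worked version of both suggestions, added here and not taken from the thread; it assumes a CodeIgniter 1.x model (base class `Model`), the `awNewsComments` table and columns from the post, and a hypothetical `comments_author` column for the manual-escape case:

```php
<?php
// Added example, not code from the original thread. Shows the unsafe
// interpolation pattern next to the two defences from the post: validate
// the input type, then let CodeIgniter bind (and escape) the value.
class News_comments_model extends Model   // assumed: CI 1.x base class
{
    // Unsafe: $news_id is interpolated straight into the statement, so
    // whatever string reaches this method becomes part of the SQL text.
    function get_comments_unsafe($news_id)
    {
        $sql = "SELECT * FROM awNewsComments WHERE comments_news_id = $news_id ORDER BY comments_id DESC";
        return $this->db->query($sql)->result();
    }

    // Safe: reject anything that is not a plain non-negative integer, then
    // bind the value. Each ? is replaced by the escaped value, so the shape
    // of the statement is fixed before user data is involved.
    function get_comments($news_id)
    {
        if (!ctype_digit((string) $news_id)) {
            return array();   // invalid id: nothing to return (or show_error())
        }
        $sql = "SELECT * FROM awNewsComments WHERE comments_news_id = ? ORDER BY comments_id DESC";
        $query = $this->db->query($sql, array((int) $news_id));
        return $query->result();
    }

    // For a value that is genuinely a string, bindings still work; when a
    // query cannot use them, $this->db->escape() quotes and escapes by hand.
    // comments_author is an assumed column, not one named in the post.
    function count_comments_by_author($author)
    {
        $sql = "SELECT COUNT(*) AS n FROM awNewsComments WHERE comments_author = "
             . $this->db->escape($author);
        return (int) $this->db->query($sql)->row()->n;
    }
}
```

The bound and escaped forms produce identical SQL for a well-formed id; the difference only shows when the input is not what the query expects, which is exactly the case the unsafe method never checks.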

