SQL Injection protection in CodeIgniter
#2

WanWizard
Without actual code it's difficult for us to guess what is wrong.

Some ideas:
- you're not using CI's active record, but code your queries by hand without proper escaping
- you use data from $_POST, not via $this->input->post

XSS filtering doesn't do anything with quotes in an input field; they are perfectly legal. They need to be escaped though if you use them in a query.
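
An added example, not code from the thread, of the difference the reply above describes: a hand-built query with no escaping next to the same lookup using CodeIgniter's query bindings, `$this->db->escape()`, and Active Record. The model, table and column names (`Member_model`, `members`, `last_name`) are hypothetical, and CodeIgniter 2.x class naming (`CI_Model`) is assumed.

```php
<?php
// Added example, not code from the thread. Hypothetical names:
// Member_model, members, last_name. Assumes CodeIgniter 2.x (CI_Model).
class Member_model extends CI_Model
{
    // BEFORE: hand-written query with no escaping. A perfectly legal value
    // such as O'Brien ends the string literal early, so the input becomes
    // part of the SQL statement instead of staying data.
    public function find_unescaped()
    {
        $name = $_POST['last_name']; // raw superglobal, bypasses the Input class
        $sql  = "SELECT id, last_name FROM members WHERE last_name = '" . $name . "'";
        return $this->db->query($sql)->result();
    }

    // AFTER (1): hand-written SQL with query bindings. Each ? is replaced
    // by the bound value, which the database driver escapes and quotes.
    public function find_with_bindings()
    {
        $name = $this->input->post('last_name');
        $sql  = 'SELECT id, last_name FROM members WHERE last_name = ?';
        return $this->db->query($sql, array($name))->result();
    }

    // AFTER (2): hand-written SQL with explicit escaping. escape() adds the
    // surrounding quotes itself, so none are written in the SQL string.
    public function find_with_escape()
    {
        $name = $this->input->post('last_name');
        $sql  = 'SELECT id, last_name FROM members WHERE last_name = '
              . $this->db->escape($name);
        return $this->db->query($sql)->result();
    }

    // AFTER (3): Active Record. Values passed to where() are escaped
    // automatically when the query is compiled.
    public function find_with_active_record()
    {
        $name = $this->input->post('last_name');
        return $this->db->select('id, last_name')
                        ->from('members')
                        ->where('last_name', $name)
                        ->get()
                        ->result();
    }
}
```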

