SQL injection on active record : $this->db->where()
#5

DeaD SouL
Hi,

I think this will auto escape it too:

Code:
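// Each ? placeholder is filled, in order, from the $binds array
$query = 'SELECT id, end_ban FROM member_ban WHERE ip = ? AND (`end_ban` > ? OR `end_ban` IS NULL)';
$binds = array( $ip, date('Y-m-d G:i:s') );
// Values are passed separately from the SQL text as the second argument
return $this->db->query( $query, $binds );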


If I'm wrong please correct me.
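
The same ban lookup with bound parameters, as an added example that is not part of the original post and is not CodeIgniter's own code. It assumes PDO with an in-memory SQLite database standing in for `$this->db`; the table layout, the rows, the `active_bans()` helper and the test inputs are all constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for CodeIgniter's $this->db.
// The member_ban layout and all rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE member_ban (id INTEGER PRIMARY KEY, ip TEXT, end_ban TEXT)');

$insert = $pdo->prepare('INSERT INTO member_ban (ip, end_ban) VALUES (?, ?)');
$insert->execute(['198.51.100.1', '2999-01-01 00:00:00']); // ban still active
$insert->execute(['198.51.100.2', '2000-01-01 00:00:00']); // ban expired
$insert->execute(['198.51.100.3', null]);                  // permanent ban (NULL end)

/**
 * Hypothetical helper: return the ban rows that apply to $ip at time $now.
 * Both values travel as bound parameters, never as part of the SQL text.
 */
function active_bans(PDO $pdo, string $ip, string $now): array
{
    $stmt = $pdo->prepare(
        'SELECT id, end_ban FROM member_ban
         WHERE ip = ? AND (end_ban > ? OR end_ban IS NULL)'
    );
    $stmt->execute([$ip, $now]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Zero-padded hours (H) so the text comparison in SQLite orders correctly.
$now = date('Y-m-d H:i:s');

// Input => number of ban rows expected.
$cases = [
    '198.51.100.1'            => 1, // active ban matches
    '198.51.100.2'            => 0, // expired ban is ignored
    '198.51.100.3'            => 1, // NULL end_ban counts as banned
    // Bound as data: the quotes are compared literally against the ip
    // column and cannot alter the WHERE clause, so nothing matches.
    "198.51.100.2' OR '1'='1" => 0,
];

foreach ($cases as $ip => $expected) {
    $found = count(active_bans($pdo, $ip, $now));
    if ($found !== $expected) {
        throw new RuntimeException("unexpected result for {$ip}: {$found}");
    }
    printf("%-26s -> %d row(s)\n", $ip, $found);
}
```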

