How to prevent SQL injection?
#3

[eluser]Unknown[/eluser]
[quote author="Volkof" date="1357301854"]Hi all,

Is there a way to prevent SQL injection?

In my view, I have a textarea to enter comments, but if the user enters something like

Code:
You know what, I'm sure this review is fine

You can see that there is an apostrophe.


Then this is gonna cause a syntax error in my model:
Code:
$sql = "INSERT INTO Comment (comment, userID, reviewID)
        VALUES ('".$comment."', '".$userID."', '".$reviewID."')";
$query = $this->db->query($sql);


Thanks in advance[/quote]
Simply do,
Code:
$this->db->query("INSERT INTO Comment (comment, userID, reviewID)
  VALUES (?, ?, ?)", array($comment, $userID, $reviewID));
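As an added example (not code from the thread), here is the same INSERT done both ways in plain PHP with PDO against an in-memory SQLite table, since CodeIgniter's DB class does not run outside the framework; the table, the IDs and the comment text are constructed for the demo, and the binding behaviour shown is what `$this->db->query($sql, $bindings)` relies on as well.

```php
<?php
// Added example, not from the original post: the INSERT from the thread done
// two ways against an in-memory SQLite database via PDO, so it runs without
// CodeIgniter. Query bindings in CodeIgniter follow the same idea: the SQL text
// is fixed and each bound value is substituted for a "?" placeholder by the driver.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Comment (comment TEXT, userID INTEGER, reviewID INTEGER)');

// Constructed sample input: the comment from the original post, apostrophe included.
$comment  = "You know what, I'm sure this review is fine";
$userID   = 7;   // constructed
$reviewID = 42;  // constructed

// 1. String concatenation, as in the original model: the apostrophe ends the
//    quoted literal early and the statement no longer parses.
try {
    $sql = "INSERT INTO Comment (comment, userID, reviewID)
            VALUES ('" . $comment . "', '" . $userID . "', '" . $reviewID . "')";
    $db->exec($sql);
    echo "concatenated query unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "concatenated query failed: " . $e->getMessage() . "\n";
}

// 2. Parameter binding: the statement text never changes, the values travel
//    separately, so the apostrophe is stored as data and cannot alter the SQL.
$stmt = $db->prepare('INSERT INTO Comment (comment, userID, reviewID) VALUES (?, ?, ?)');
$stmt->execute([$comment, $userID, $reviewID]);

// Check that the comment round-tripped unchanged (no escaping artifacts stored).
$stored = $db->query('SELECT comment FROM Comment WHERE reviewID = 42')->fetchColumn();
echo $stored === $comment ? "stored verbatim\n" : "stored value differs\n";
```

The first attempt fails with a syntax error near the text after the apostrophe, while the bound version inserts the row and reads back exactly the string the user typed.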


Messages In This Thread
How to prevent SQL injection? - by El Forum - 01-04-2013, 05:17 AM
How to prevent SQL injection? - by El Forum - 01-04-2013, 07:08 AM
How to prevent SQL injection? - by El Forum - 01-04-2013, 09:18 AM


