Preventing SQL Injection Attacks using Active Record
#1

[eluser]Unknown[/eluser]
Hi,

I am using CodeIgniter (latest version) and generate all my MySQL queries using Active Record. However, recently, one of my endpoints was hacked using SQL injection. They injected an "OR" clause in my script, causing the query to respond when it should have failed. This is a major issue for me and I want to understand what the recommended way of sanitizing variables is when it comes to Active Record. The documentation says that Active Record automatically escapes queries, but it seems to fail in this case.

My fix was to check the input data against database information which could not be tampered with. However, I need to understand how to secure all my scripts.

Thank you for your help.


Messages In This Thread
Preventing SQL Injection Attacks using Active Record - by El Forum - 05-10-2013, 02:24 PM