Preventing SQL Injection Attacks using Active Record
[eluser]bedanand[/eluser]
Here is the simple rule to protect against SQL injection. Never use direct queries like this; instead use bound variables in SQL queries.

Never do:

    $query = $this->db->query('select * from users where username="'.$username.'" and password="'.$password.'"');

Should do:

    $query = $this->db->query("select * from users where username=? and password=?", array($username, $password));

Here is a nice article about this: Protect against sql-injection
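The difference between the two patterns above, as an added example that is not part of the original post or of CodeIgniter's code. It assumes PDO with an in-memory SQLite database as a stand-in for `$this->db`, single-quoted string literals, and constructed table contents; the function names are hypothetical.

```php
<?php
// Constructed demo: PDO with in-memory SQLite stands in for CodeIgniter's
// $this->db (assumption), so the script runs without the framework.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, password TEXT)');

// Constructed sample account; the name legitimately contains a quote character.
$insert = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$insert->execute(["o'brien", 'constructed-value']);

// Pattern the post says never to use: input becomes part of the SQL text.
function lookup_concatenated(PDO $db, string $username, string $password): string
{
    $sql = "select * from users where username='" . $username
         . "' and password='" . $password . "'";
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        return count($rows) . ' row(s)';
    } catch (PDOException $e) {
        // The quote inside the data ended the string literal early, so the
        // rest of the value was parsed as SQL instead of being compared.
        return 'statement broken by input: ' . $e->getMessage();
    }
}

// Pattern the post recommends: placeholders in the SQL, values passed separately.
function lookup_bound(PDO $db, string $username, string $password): string
{
    $stmt = $db->prepare('select * from users where username=? and password=?');
    $stmt->execute([$username, $password]);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC)) . ' row(s)';
}

// Same input through both paths, then a non-matching value through the bound path.
echo lookup_concatenated($db, "o'brien", 'constructed-value'), PHP_EOL;
echo lookup_bound($db, "o'brien", 'constructed-value'), PHP_EOL;
echo lookup_bound($db, "o'brien", 'wrong-value'), PHP_EOL;
```

With bound parameters the quote character is compared as data, so the stored account is found and a wrong value simply matches nothing; the concatenated query cannot even be parsed for the same input.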