is it safe to use $this->db->query($sql);
#1

Hi All!

I'm a beginner and have just started with CodeIgniter 3.0



If I don't want to forget how to create regular SQL code, I use this model:

PHP Code:
public function intsertNew($firstname, $secondname, $age) {
    $sql = "INSERT INTO tbl_employee (firstname, secondname, age) VALUES('$firstname', '$secondname', $age)";
    $query = $this->db->query($sql);

    return $query; // TRUE/FALSE
}

In the config of database.php I use PDO to be safe:
PHP Code:
$db['default'] = array(
    'dsn' => 'mysql:host=localhost;dbname=employee',
    'hostname' => 'localhost',
    'username' => 'root',
    'password' => '',
    'database' => 'employee',
    'dbdriver' => 'pdo',
    'dbprefix' => '',
    'pconnect' => FALSE,
    'db_debug' => TRUE,
    'cache_on' => FALSE,
    'cachedir' => '',
    'char_set' => 'utf8',
    'dbcollat' => 'utf8_general_ci',
    'swap_pre' => '',
    'encrypt' => FALSE,
    'compress' => FALSE,
    'stricton' => FALSE,
    'failover' => array(),
    'save_queries' => TRUE
);
My question: is it safe (against SQL injection) when I use the query above?

Many thanks
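An added example, not part of the original post and not CodeIgniter code: it runs the post's string-built INSERT and a placeholder-based INSERT through plain PDO, to show that choosing the PDO driver does not protect a query whose values are interpolated into the SQL text. The in-memory SQLite database (needs the pdo_sqlite extension), the helper names and both input values are assumptions constructed for the demonstration.

```php
<?php
// Constructed demo: in-memory SQLite through PDO, with the table name from the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_employee (firstname TEXT, secondname TEXT, age INTEGER)');

// Same pattern as the model in the post: values are pasted into the SQL text.
function insertConcatenated(PDO $pdo, $firstname, $secondname, $age) {
    $sql = "INSERT INTO tbl_employee (firstname, secondname, age) "
         . "VALUES('$firstname', '$secondname', $age)";
    return $pdo->exec($sql);
}

// Placeholder version: the SQL text is fixed, the values are passed separately.
function insertBound(PDO $pdo, $firstname, $secondname, $age) {
    $stmt = $pdo->prepare(
        'INSERT INTO tbl_employee (firstname, secondname, age) VALUES (?, ?, ?)'
    );
    return $stmt->execute(array($firstname, $secondname, (int) $age));
}

// Helper (hypothetical name): fetch the most recently inserted row.
function lastRow(PDO $pdo) {
    $sql = 'SELECT firstname, secondname, age FROM tbl_employee ORDER BY rowid DESC LIMIT 1';
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Constructed input 1: an ordinary surname containing an apostrophe.
// Concatenated, the apostrophe ends the string literal early and the query fails.
try {
    insertConcatenated($pdo, 'Ann', "O'Brien", 30);
} catch (PDOException $e) {
    echo "concatenated: ", $e->getMessage(), "\n";
}
insertBound($pdo, 'Ann', "O'Brien", 30);
echo "bound:        ", json_encode(lastRow($pdo)), "\n";

// Constructed input 2: a value that closes the literal and supplies its own age.
// Concatenated, the text after the quote is parsed as SQL, so the caller's
// $age argument is no longer what reaches the age column.
$crafted = "Smith', 99) -- ";
insertConcatenated($pdo, 'Bob', $crafted, 30);
echo "concatenated: ", json_encode(lastRow($pdo)), "\n";
insertBound($pdo, 'Bob', $crafted, 30);
echo "bound:        ", json_encode(lastRow($pdo)), "\n";
```

In CodeIgniter 3 the same separation is available through query bindings, `$this->db->query($sql, array($firstname, $secondname, $age))` with `?` in place of each value, or through the Query Builder's `$this->db->insert('tbl_employee', $data)`.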


Messages In This Thread
is it safe to use $this->db->query($sql); - by smallbug - 04-05-2015, 01:07 PM


