is it safe to use $this->db->query($sql);

Register Sign In

is it safe to use $this->db->query($sql);

kilishan
CI Project Lead
Posts: 1,464
Threads: 91
Joined: Oct 2014
Reputation: 122

#3

04-05-2015, 08:00 PM

The code you have shown is only save if you were to use

Code:
$this->db->escape()

on each variable prior to calling the query() method.

And gadelat is right - use query bindings because it does it for you.

Support Development • CodeIgniter 4 Foundations • Practical CodeIgniter 3 • CodeIgniter Tutorials

Messages In This Thread

is it safe to use $this->db->query($sql); - by smallbug - 04-05-2015, 01:07 PM

RE: is it safe to use $this->db->query($sql); - by gadelat - 04-05-2015, 03:39 PM

RE: is it safe to use $this->db->query($sql); - by kilishan - 04-05-2015, 08:00 PM

RE: is it safe to use $this->db->query($sql); - by casa - 04-05-2015, 09:40 PM

RE: is it safe to use $this->db->query($sql); - by casa - 04-05-2015, 10:02 PM

RE: is it safe to use $this->db->query($sql); - by smallbug - 04-05-2015, 11:05 PM

Theme © iAndrew 2016 - Forum software by © MyBB