Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming How to handle SQL Injection
How to handle SQL Injection
  • El Forum
    Guest
  •  
#1
10-06-2008, 09:48 AM

[eluser]Unknown[/eluser]
How to handle SQL injection in CodeIgniter? Many thanks.
  • El Forum
    Guest
  •  
#2
10-06-2008, 10:07 AM

[eluser]GSV Sleeper Service[/eluser]
'query bindings' are probably the best way to go.
http://ellislab.com/codeigniter/user-gui...eries.html
  • El Forum
    Guest
  •  
#3
10-06-2008, 10:09 AM

[eluser]johnwbaxter[/eluser]
http://en.wikipedia.org/wiki/SQL_injection

Then go down the page until you get to "Prepared Statements"

Using active record will help too.
  • El Forum
    Guest
  •  
#4
10-06-2008, 10:22 AM

[eluser]bijon[/eluser]
You can handle SQL Injection by Escaping Queries in CI using
$this->db->escape() . You can find the details about Escaping Queries
here .

Cheers
Saidur Rahman
http://saidur.wordpress.com
  • El Forum
    Guest
  •  
#5
10-06-2008, 10:25 AM

[eluser]johnwbaxter[/eluser]
If you use active record it does this for you automatically.
  • El Forum
    Guest
  •  
#6
10-06-2008, 10:35 AM

[eluser]Xeoncross[/eluser]
If you want to understand more about SQL injection you can watch a movie I did on PHP Security. I covers what to expect from SQL injection attacks.

Also, I second "Prepared Statements" as a good way to go.
  • El Forum
    Guest
  •  
#7
07-19-2009, 08:55 PM

[eluser]ngocthai[/eluser]
not use $this->db->escape().
must use $this->db->escape_str()




Theme © iAndrew 2016 - Forum software by © MyBB