Security issue
#3

nebulom
I don't know. I tried typing "hello' world" and it still fires the error. Here's without the escape
Quote:UPDATE "EES_BPC_DISC" SET "LAST_UPDATE_DATE" = sysdate, "COMMENTS" = 'hello' world', "LAST_UPDATE_BY" = 'EES_ADMIN' WHERE "ID" = '1'
and with
Code:
$data = array(
    'COMMENTS' => $this->db->escape($this->input->post('comments')),
    'LAST_UPDATE_BY' => $this->session->userdata('username')
);
Quote:UPDATE "EES_BPC_DISC" SET "LAST_UPDATE_DATE" = sysdate, "COMMENTS" = ''hello' world'', "LAST_UPDATE_BY" = 'EES_ADMIN' WHERE "ID" = '1'
I'm with oci8. Does that count? Thanks.
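
Added example, not part of the original post and not CodeIgniter's driver code: it reads the `COMMENTS` literal from each quoted statement the way Oracle's lexer would, showing that only a doubled quote carries `hello' world` through intact, and sketches the same UPDATE with bind variables through PHP's oci8 functions. The helper names, the `:updated_by` placeholder and the `$conn` handle are assumptions.

```php
<?php
// Added example: not CodeIgniter's driver code. Helper names are hypothetical.

// Oracle escapes a single quote inside a string literal by doubling it.
function oracle_quote_literal(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Decode the string literal opening at $pos as Oracle's lexer would; null if never closed.
function read_literal(string $sql, int $pos): ?string
{
    $value = '';
    for ($i = $pos + 1, $len = strlen($sql); $i < $len; $i++) {
        if ($sql[$i] !== "'") {
            $value .= $sql[$i];
        } elseif ($i + 1 < $len && $sql[$i + 1] === "'") {
            $value .= "'";   // '' inside a literal is one quote character
            $i++;
        } else {
            return $value;   // a lone quote closes the literal
        }
    }
    return null;
}

// Preferred: bind variables ($conn is assumed to be an open oci_connect() handle).
function update_comment($conn, string $comment, string $user, string $id): bool
{
    $stmt = oci_parse($conn, 'UPDATE "EES_BPC_DISC" SET "LAST_UPDATE_DATE" = sysdate, '
        . '"COMMENTS" = :comments, "LAST_UPDATE_BY" = :updated_by WHERE "ID" = :id');
    oci_bind_by_name($stmt, ':comments', $comment);
    oci_bind_by_name($stmt, ':updated_by', $user);
    oci_bind_by_name($stmt, ':id', $id);
    return oci_execute($stmt);
}

// Constructed check with the input from the post; needs no database.
$input = "hello' world";
$cases = [
    'no escaping'       => "'" . $input . "'",
    'wrapped in quotes' => "''" . $input . "''",
    'quote doubled'     => oracle_quote_literal($input),
];
foreach ($cases as $label => $literal) {
    $sql = '"COMMENTS" = ' . $literal . ', "LAST_UPDATE_BY" = \'EES_ADMIN\'';
    $seen = read_literal($sql, strpos($sql, "'"));
    printf("%-18s %-20s %s\n", $label, $literal, $seen === $input ? 'intact' : 'broken');
}
```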

