SQL Injection protection in CodeIgniter
[eluser]Razican[/eluser]
Hello, I have an application which inserts post data into the database. The problem is that if I put sth', 'sth in the text field, it creates a database error, because it tries to insert two fields' data in only one:

INSERT INTO md5_decryptor (characters,md5) VALUES ('sth', 'sth','29f14c6f1851e7766ae69fdf4ca0c1c3');

I have the global XSS filtering enabled.
[eluser]WanWizard[/eluser]
Without actual code it's difficult for us to guess what is wrong. Some ideas:
- you're not using CI's active record, but code your queries by hand without proper escaping
- you use data from $_POST, not via $this->input->post

XSS filtering doesn't do anything with quotes in an input field, they are perfectly legal. They need to be escaped though if you use them in a query.
[eluser]WanWizard[/eluser]
If you use CI's active record, CI does that for you. See the user manual.
[eluser]Razican[/eluser]
I have used it but I get this error:
Code:
Unknown column 'Razican' in 'where clause'

EDIT: My fault
EDIT: It works fine now, thanks.
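
The difference the replies describe, as an added example that is not part of the original thread: a hand-built query that fails on the input from the first post, beside CodeIgniter query bindings and active record. It assumes CodeIgniter 2.x or later (models extend CI_Model); the model name, method names and the 'characters' form field are hypothetical.

```php
<?php
// Added illustration, not code from the thread.
// Assumes CodeIgniter 2.x+ and the md5_decryptor table named in the first post.
class Md5_model extends CI_Model
{
    // BEFORE: query coded by hand without escaping.
    // With the input  sth', 'sth  the quote closes the string early and the
    // statement ends up with three VALUES for two columns, as in the first post.
    public function insert_unsafe($characters)
    {
        $sql = "INSERT INTO md5_decryptor (characters,md5) VALUES ('"
             . $characters . "','" . md5($characters) . "')";
        return $this->db->query($sql);
    }

    // AFTER, option 1: query bindings.
    // Each ? is replaced by the escaped, quoted value, so the quote in the
    // input stays inside the string literal.
    public function insert_bound($characters)
    {
        $sql = 'INSERT INTO md5_decryptor (characters,md5) VALUES (?, ?)';
        return $this->db->query($sql, array($characters, md5($characters)));
    }

    // AFTER, option 2: active record.
    // insert() escapes every value in the array before building the query.
    public function insert_active_record($characters)
    {
        return $this->db->insert('md5_decryptor', array(
            'characters' => $characters,
            'md5'        => md5($characters),
        ));
    }
}

// In a controller (hypothetical field name 'characters'):
//   $this->load->model('Md5_model');
//   $this->Md5_model->insert_active_record($this->input->post('characters'));
// $this->db->last_query() then shows the statement with the quote escaped.
```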