(07-13-2017, 10:47 AM)glorsh66 Wrote: And what about PDO? Is there need to configure CI to work only using PDO?
For SQL Injection use CI's Active Record, this will handle sanitation of user input automatically, as for output it's impossible to know for sure whether an output should be sanitised or not automatically so you'll need to do that yourself when echo'ing variables in a view, CI does have some automatic protections in this regard though, e.g values for form inputs are sanitised automatically.
