How to handle SQL Injection

How to handle SQL injection in CodeIgniter? Many thanks.

GSV Sleeper Service
'query bindings' are probably the best way to go.


Then go down the page until you get to "Prepared Statements"

Using active record will help too.

You can handle SQL injection by escaping queries in CI using
$this->db->escape(). You can find the details about escaping queries
here.

Saidur Rahman

If you use active record it does this for you automatically.

If you want to understand more about SQL injection, you can watch a movie I did on PHP Security. It covers what to expect from SQL injection attacks.

Also, I second "Prepared Statements" as a good way to go.

Do not use $this->db->escape().
You must use $this->db->escape_str().
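The following is an added example, not code from the thread or from CodeIgniter. It uses Python's sqlite3 module to show what the advice above amounts to in practice: string concatenation leaks every row to a classic `' OR '1'='1` payload, a bound parameter (the mechanism behind CodeIgniter's `$this->db->query("... WHERE username = ?", array($username))`) treats the same payload as plain data, and the two escaping helpers `escape()` and `escape_str()` are hypothetical analogues written here to mirror the documented difference between `$this->db->escape()` (quotes and escapes string values) and `$this->db->escape_str()` (escapes only, no quotes). The `users` table and its rows are constructed for the demo.

```python
import sqlite3

# Constructed sample data for the demo (not from the original thread).
SEED = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db():
    """Fresh in-memory SQLite database seeded with SEED."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    con.executemany("INSERT INTO users (username, role) VALUES (?, ?)", SEED)
    return con


def find_user_concat(con, username):
    """Vulnerable: the input is pasted straight into the SQL text."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in con.execute(sql)]


def find_user_bound(con, username):
    """Query binding: the driver receives the value separately from the SQL
    text, which is what CodeIgniter does for
    $this->db->query("... WHERE username = ?", array($username))."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in con.execute(sql, (username,))]


def escape_str(value):
    """Hypothetical analogue of $this->db->escape_str(): escapes the quote
    characters inside the string but adds NO surrounding quotes, so the
    caller must write the quotes into the SQL."""
    return str(value).replace("'", "''")


def escape(value):
    """Hypothetical analogue of $this->db->escape(): quotes and escapes
    strings, leaves numbers bare, turns None into NULL."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):  # bool is a subclass of int, check it first
        return "1" if value else "0"
    if isinstance(value, (int, float)):
        return str(value)
    return "'" + escape_str(value) + "'"


def find_user_escaped(con, username):
    """Escaping with escape(): the surrounding quotes come from escape()."""
    sql = "SELECT username FROM users WHERE username = " + escape(username)
    return [row[0] for row in con.execute(sql)]


def find_user_escape_str_unquoted(con, username):
    """Misuse: escape_str() output concatenated without quotes. Quote
    escaping cannot help here because the attacker never needs a quote.
    Returns None when the resulting SQL fails to parse."""
    sql = "SELECT username FROM users WHERE username = " + escape_str(username)
    try:
        return [row[0] for row in con.execute(sql)]
    except sqlite3.OperationalError:
        return None


if __name__ == "__main__":
    payload = "' OR '1'='1"
    print("concat :", find_user_concat(make_db(), payload))   # every user leaks
    print("bound  :", find_user_bound(make_db(), payload))    # []
    print("escaped:", find_user_escaped(make_db(), payload))  # []
    print("unquoted escape_str, numeric payload:",
          find_user_escape_str_unquoted(make_db(), "1 OR 1=1"))  # every user leaks
```

The last function is the caveat a practitioner should take from the thread: escaping only neutralises quote characters, so it is only a defence when the escaped value sits inside quotes the code wrote itself; a value dropped into a numeric position is injectable with `1 OR 1=1` no matter how it was escaped. Bound parameters have no such dependency on context, which is why the prepared-statement advice in the thread is the safer default.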
