[eluser]rkitkonsult[/eluser]
Hi,
I'm have a problem that probably is easy to fix for all of you... Please help me out, I'm not that good at this yet...
When a user log in I want to check that the username or password wasnt an sql-injection attempt or somethin like that. How do I do?
This is an example of my thoughts:
//Clean username
$post_username = $this->input->post('username');
$xss_username = $this->input->xss_clean($post_username);
$clean_username = $this->db->escape($xss_username);
//Clean password
$post_password = $this->input->post('password');
$xss_password = $this->input->xss_clean($post_password);
$clean_password = $this->db->escape($xss_password);
$hashed_password = dohash($clean_password);
//Check if match in database
$this->db->select('Username, Password');
$this->db->where('Username', $clean_username);
$this->db->where('Password', $hashed_password);
$query = $this->db->get('Users');
This doesnt work! Its the 'cleaning' parts that gives me troubles... What am I doing wrong?