What is the difference in the codes? (security)
#1

[eluser]SaSa[/eluser]
Hello,
What is the difference in the codes? Which is more secure?
First code:
Code:
$title = $this->input->post('title', TRUE);
$ural = $this->input->post('ural', TRUE);
$page_linkus = $this->input->post('page_linkus', TRUE);
$exposition = $this->input->post('exposition', TRUE);
$sql = "INSERT INTO links (title, ural, page_linkus, exposition) VALUES ("
    . $this->db->escape($title) . ", "
    . $this->db->escape($ural) . ", "
    . $this->db->escape($page_linkus) . ", "
    . $this->db->escape($exposition) . ")";
$this->db->query($sql);
echo $this->db->affected_rows();

Second code:
Code:
$data = array(
    'title' => $title,
    'name' => $name,
    'date' => $date
);
$this->db->insert('mytable', $data);

Third code:
Code:
$insert = array(
    'title' => $this->input->post('title', TRUE),
    'ural' => $this->input->post('ural', TRUE),
    'page_linkus' => $this->input->post('page_linkus', TRUE),
    'exposition' => $this->input->post('exposition', TRUE),
);
$this->db->insert('links', $insert);
#2

[eluser]diasansley[/eluser]
Your first code, I guess, is taking it from the post. The second is using an array. The first code seems to be using escape characters.

So I say the first one is.


Thanks
Rgds
#3

[eluser]InsiteFX[/eluser]
Active Record automatically escapes your code.

So they are all correct!

InsiteFX
#4

[eluser]SaSa[/eluser]
Thanks!
What I meant was: which is better?
#5

[eluser]InsiteFX[/eluser]
If you're using Active Record it takes care of it for you!

But remember never trust user input!!!

InsiteFX
#6

[eluser]SaSa[/eluser]
The third code uses Active Record with changes.
Is it right and good for security?
#7

[eluser]InsiteFX[/eluser]
Yes

InsiteFX
#8

[eluser]jasonjack[/eluser]
Yes, there are some differences in each code. With one single comma or any other character the code changes...
#9

[eluser]mdvaldosta[/eluser]
I suggest using the third code. It's cleaner, and does everything you need using the tools CI provides.

The second code, however, doesn't protect from XSS as far as I know. Active Record escapes data, but doesn't prevent XSS. You need to do that with your post data, either through $this->input->post('post_data', TRUE) or in your config sitewide.
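
The distinction drawn in the post above, as an added example that is not part of the thread or of CodeIgniter: query escaping keeps input from altering the SQL statement, but the value is stored unchanged and still has to be encoded when it is written into HTML. PDO with in-memory SQLite stands in for CodeIgniter's database layer, `h()` and `safe_href()` are hypothetical helpers, and output encoding is used here in place of the XSS filter the post mentions.

```php
<?php
// PDO with in-memory SQLite stands in for CodeIgniter's database layer
// (assumption, so the script runs alone); columns follow the thread's table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (title TEXT, ural TEXT)');

// Constructed sample input: a quote that would break a hand-built SQL string,
// markup that would run if echoed unencoded, and a non-http URL scheme.
$posts = [
    ['title' => "Bob's page <script>alert(1)</script>", 'ural' => 'http://example.com/'],
    ['title' => 'Plain title', 'ural' => 'javascript:alert(1)'],
];

// Bound parameters play the role of $this->db->escape() / $this->db->insert():
// each value is passed as data, so the quote cannot change the statement.
$stmt = $db->prepare('INSERT INTO links (title, ural) VALUES (:title, :ural)');
foreach ($posts as $post) {
    $stmt->execute([':title' => $post['title'], ':ural' => $post['ural']]);
}

$rows = $db->query('SELECT title, ural FROM links')->fetchAll(PDO::FETCH_ASSOC);

// SQL escaping does not alter content: the markup comes back exactly as sent.
var_dump($rows[0]['title'] === $posts[0]['title']);

// Hypothetical helper: encode a value for an HTML text or attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: HTML encoding alone does not neutralise a dangerous
// URL scheme, so only http and https links are emitted as-is.
function safe_href(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? h($url) : '#';
}

// Encode at output time, in the context where the value is used.
foreach ($rows as $row) {
    echo '<a href="' . safe_href($row['ural']) . '">' . h($row['title']) . "</a>\n";
}
```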



