Is this protected?

#1
[eluser]nuclearmaker[/eluser]
Hi, is this query protected from SQL injection?

Code:
$this->db->where('MATCH (title) AGAINST ("'. $q .'")', NULL, FALSE);

#2
[eluser]InsiteFX[/eluser]
Active record escapes queries!

But if you really want to be safe, turn the FALSE to TRUE
for backticks, or you can turn on XSS filtering in config.php:

$config['global_xss_filtering'] = TRUE;

InsiteFX
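
Added example, not part of either post and not CodeIgniter's own code: in the `where()` call from the question, `$q` is concatenated into the first argument and the value argument is NULL, so the string reaches the SQL statement exactly as written. The sketch below keeps the same MATCH ... AGAINST clause but passes `$q` through `$this->db->escape()` or a query binding; the model name `Article_search` and the table `articles` are assumptions.

```php
<?php
// Added example for a CodeIgniter model.
// Hypothetical names (not from the thread): Article_search, articles.
class Article_search extends CI_Model
{
    // Variant 1: stay with Active Record, but escape the value explicitly.
    public function search_escaped($q)
    {
        // escape() wraps a string in single quotes and escapes quote
        // characters using the active database driver. The cast makes
        // sure the value is always handled as a string literal.
        $needle = $this->db->escape((string) $q);

        // The third argument stays FALSE so the MATCH (...) expression is
        // not rewritten with backticks. The value argument is NULL, so
        // where() has nothing of its own to escape: the only escaping
        // applied is the escape() call above.
        $this->db->where('MATCH (title) AGAINST (' . $needle . ')', NULL, FALSE);

        return $this->db->get('articles')->result();
    }

    // Variant 2: a query binding. Each "?" is replaced by the matching
    // array element after the driver has escaped and quoted it.
    public function search_bound($q)
    {
        $sql = 'SELECT * FROM articles WHERE MATCH (title) AGAINST (?)';

        return $this->db->query($sql, array((string) $q))->result();
    }
}
```

Both variants keep the user-supplied text inside a single SQL string literal, so a quote character in `$q` is treated as data and cannot end the literal early.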

