is this protected ?

hi,is this query protected with sql injection?

$this->db->where('MATCH (title) AGAINST ("'. $q .'")', NULL, FALSE);

Active record escapes queries!

But if you really want to be safe, Turn the FALSE to TRUE
for backticks or you can trun on XSS Filtering in the config.php

$config['global_xss_filtering'] = TRUE;


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.