MySQL Injection

[eluser]johanriyan[/eluser]

Code:

Hello Guys,

I have error like this :

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘-2, 2’ at line 4

SELECT * FROM (`user`) ORDER BY `no` ASC LIMIT -2, 2

Filename: D:\xampp\htdocs\cibootstrap\system\database\DB_driver.php

Line Number: 330


this error appear when i am add ” - ” in the pagination.


this is my model :


<?php

class User_model extends CI_Model{

    function get_all($num, $offset)
    {
        
        $this->db->order_by('no', 'ASC');
        $data=$this->db->get('user', $num, $offset);
        return $data->result();
    }
    
    function save($data){
        
        $this->db->insert('user',$data);
    }
}


and this is my controller :
[code]public function about($id=NULL){

//pengaturan pagination
$jml = $this->db->get('user');

$config['base_url'] = base_url().'index.php/bootstrap/about';
$config['total_rows'] = $jml->num_rows();
$config['per_page'] = '2';
$config['first_page'] = 'Awal';
$config['last_page'] = 'Akhir';
$config['next_page'] = '«';
$config['prev_page'] = '»';





//inisialisasi config
$this->pagination->initialize($config);
      

       //buat pagination
$data['halaman'] = $this->pagination->create_links();
      
    

       //tamplikan data
    $data['query'] = $this->user_model->get_all($config['per_page'], $id);
$this->load->view('include/header');
$this->load->view('about',$data);
$this->load->view('include/footer');


}

how to fix it.[/code]

[eluser]Ckirk[/eluser]
@ johanriyan I answered that one in this thread.
In future if you have a problem that's not related to the original post then search for your problem and, if you don't find the answer, create a new post

[eluser]jairoh_[/eluser]
active records automatically escapes injection.

[eluser]johanriyan[/eluser]
thk u guys,

i love codeigniter and i love you all.