[eluser]thebillkidy[/eluser]
Now I don't know if this is a real exploit, but when I do a simple DB select like this:
$this->connection->select('*')->from($table)->where($column, $value);
then, if it's an array, the complete system crashes and allows SQL injection?
Now, shouldn't this be filtered in the CodeIgniter core, since the documentation says it automatically checks for known SQL injections... but shouldn't there also be a check on the data type entered?
P.S. When the error is triggered, this message appears:
Error Number: 1054
Unknown column 'Array' in 'where clause'
SELECT *
FROM (`xxxx`)
WHERE `username` = Array
Filename: D:\xxxxxxxx\system\database\DB_driver.php
Line Number: 330
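
The failure in the post above is a PHP array reaching `where()` as the value, where it is string-converted to the bare word `Array` in the SQL. The following is an added example, not part of the original post and not CodeIgniter code, showing a type check applied before the query is built; `require_string_param` and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: not CodeIgniter code. Function and variable names are hypothetical.

/**
 * Return $source[$key] only if it is a string within a length bound.
 * Arrays, objects, null and other non-string values are rejected, so they
 * can never be string-converted to the literal "Array" inside a query.
 */
function require_string_param(array $source, string $key, int $maxLen = 255): string
{
    if (!array_key_exists($key, $source)) {
        throw new InvalidArgumentException("missing parameter: $key");
    }
    $value = $source[$key];
    if (!is_string($value)) {
        throw new InvalidArgumentException(
            "parameter $key must be a string, got " . gettype($value)
        );
    }
    if (strlen($value) > $maxLen) {
        throw new InvalidArgumentException("parameter $key is too long");
    }
    return $value;
}

// Constructed sample inputs: one well-formed, one where the value is an array.
$samples = [
    ['username' => 'alice'],
    ['username' => ['alice', 'bob']],
];

foreach ($samples as $input) {
    try {
        $username = require_string_param($input, 'username');
        // Only a validated string reaches the query builder, e.g.:
        // $this->connection->select('*')->from($table)->where('username', $username);
        echo "accepted: $username\n";
    } catch (InvalidArgumentException $e) {
        // Reject the request (for instance with HTTP 400) instead of running the query.
        echo "rejected: " . $e->getMessage() . "\n";
    }
}
```

Rejecting the value at the boundary also keeps the database error text, which in the message above discloses the query and a filesystem path, from being produced at all.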