[eluser]xwero[/eluser]
No problem, now you know you have to make checks for all queries.
You could write the getNomCat query 2 different ways.
Code:
$query = $this->db->query('SELECT nom_cat FROM news_categories WHERE id=? LIMIT 1',array($idcat));
This way will escape the value to prevent SQL attacks. And the other way is using the active records class.
Code:
$this->db->select('nom_cat');
$this->db->from('news_categories');
$this->db->where('id',$idcat);
$this->db->limit(1);
$query = $this->db->get();
// or chained (php5)
$query = $this->db->select('nom_cat')->from('news_categories')->where('id',$idcat)->limit(1)->get();
This has the advantage of escaping the values and works with all the supported databases.
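
An added example, not part of the original post: the getNomCat lookup written once with the value concatenated into the SQL text and once with the `?` binding, run against the same inputs. It assumes plain PDO with an in-memory SQLite database as a stand-in for CodeIgniter's `$this->db`; the function names `getNomCatConcatenated` and `getNomCatBound`, the table rows and the input values are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for CodeIgniter's $this->db (assumption).
// The table contents below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news_categories (id INTEGER PRIMARY KEY, nom_cat TEXT)');
$pdo->exec("INSERT INTO news_categories (id, nom_cat) VALUES (1, 'Sports'), (2, 'Politics')");

// Before: the value is pasted into the SQL text, so the database parses it as SQL.
function getNomCatConcatenated(PDO $pdo, $idcat)
{
    $sql = 'SELECT nom_cat FROM news_categories WHERE id=' . $idcat . ' LIMIT 1';
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['nom_cat'] : null;
}

// After: same query shape as the ? binding in the post; the value is passed as data only.
function getNomCatBound(PDO $pdo, $idcat)
{
    $stmt = $pdo->prepare('SELECT nom_cat FROM news_categories WHERE id=? LIMIT 1');
    $stmt->execute(array($idcat));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The check every query needs: no matching row means no category name.
    return $row ? $row['nom_cat'] : null;
}

// Constructed request values: a valid id, a missing id, and a value carrying SQL syntax.
$inputs = array('2', '99', '0 OR 1=1');
foreach ($inputs as $idcat) {
    printf(
        "%-10s concatenated=%-10s bound=%s\n",
        $idcat,
        var_export(getNomCatConcatenated($pdo, $idcat), true),
        var_export(getNomCatBound($pdo, $idcat), true)
    );
}
```

For the third input the concatenated version returns a category although no row has that id, while the bound version returns NULL, which is the case the empty-result check has to handle.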