[eluser]tjrede[/eluser]
Hello,
After testing a site I found there are vulnerable parameters in mysql.
I tried using $this->db->escape on input's that come from the url but it does not display my html/javascript
How would I prevent injection in such a case.
Would I use mysql_real_escape_string?
Thanks
