01-04-2013, 05:17 AM
[eluser]Volkof[/eluser]
Hi all,
Is there a way to prevent SQL injection?
In my view, I have a textarea to enter comments, but if the user enters something like
Code:
You know what, I'm sure this review is fine
You can see that there is an apostrophe
Then this is gonna cause a syntax error in my model:
Code:
$sql = "INSERT INTO Comment (comment, userID, reviewID)
VALUES ('".$comment."', '".$userID."', '".$reviewID."')";
$query = $this->db->query($sql);
Thanks in advance
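
The failure described in the post, next to the same insert done with bound parameters. This is an added example, not code from the thread or from CodeIgniter itself: it uses plain PDO with an in-memory SQLite database so it runs on its own, and the function names and the IDs 7 and 42 are constructed for illustration. The closing comment shows the equivalent call using the query bindings of CodeIgniter's database class.

```php
<?php
// Added example. Table and column names follow the post; the SQLite
// in-memory database, function names and ID values are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Comment (comment TEXT, userID INTEGER, reviewID INTEGER)');

// The post's approach: values concatenated into the SQL text, so a quote
// character in $comment ends the string literal early.
function insertConcatenated(PDO $pdo, $comment, $userID, $reviewID) {
    $sql = "INSERT INTO Comment (comment, userID, reviewID)
            VALUES ('" . $comment . "', '" . $userID . "', '" . $reviewID . "')";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// Bound parameters: the SQL text is fixed and the values are sent
// separately, so they are never parsed as SQL.
function insertBound(PDO $pdo, $comment, $userID, $reviewID) {
    $stmt = $pdo->prepare(
        'INSERT INTO Comment (comment, userID, reviewID) VALUES (?, ?, ?)'
    );
    $stmt->execute(array($comment, (int) $userID, (int) $reviewID));
    return $stmt->rowCount();
}

// Sample comment taken from the post.
$comment = "You know what, I'm sure this review is fine";

echo insertConcatenated($pdo, $comment, 7, 42), "\n";
echo 'rows inserted with bound parameters: ', insertBound($pdo, $comment, 7, 42), "\n";

// Read the row back and compare it with the original input.
$stored = $pdo->query('SELECT comment FROM Comment')->fetchColumn();
var_dump($stored === $comment);

// The same fix with CodeIgniter's query bindings:
//   $sql = "INSERT INTO Comment (comment, userID, reviewID) VALUES (?, ?, ?)";
//   $this->db->query($sql, array($comment, $userID, $reviewID));
```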