SQL Injection using $this->db->get()->result();
[eluser]Vadorequest[/eluser]
Hi. My website was hit by an SQL injection like this: http://vadorequest.fr/gameJam/getScoresA...)END)+DESC I thought that CI provided protection against SQL injections, am I wrong? The breach is not available anymore, but before, with just some changes, the query returned other results.
[eluser]CroNiX[/eluser]
That would really depend on the query, whether active records or query binding were used, etc.
[eluser]Vadorequest[/eluser]
I used ActiveRecord.
$this->db->select($select)->from($table)->limit($this->_secureLimits($nb), $this->_secureLimits($debut))->get()->result();
[eluser]Vadorequest[/eluser]
Up. ^^ How is it possible that CI doesn't protect against this kind of injection? There are a lot of keywords...
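Relating to the query posted above, an added example (not code from this thread or from CodeIgniter): the query builder escapes values, but column names, table names and sort directions cannot be bound as values, so they need an allow-list whenever they come from the request. It assumes `$select`, `$table` and a sort expression are request-derived, which the thread does not confirm; the table name, column names and helper functions are hypothetical.

```php
<?php
// Added example, not from the thread. Table and column names are hypothetical.
const ALLOWED_TABLES  = ['scores'];
const ALLOWED_COLUMNS = ['player', 'score', 'created_at'];

/** Return $value only if it is an exact, type-strict match for an allow-list entry. */
function allow(string $value, array $allowed, string $what): string
{
    if (!in_array($value, $allowed, true)) {
        throw new InvalidArgumentException("$what not allowed");
    }
    return $value;
}

/** Split a comma-separated column list and check every entry. */
function safe_columns(string $csv): array
{
    return array_map(function ($c) {
        return allow(trim($c), ALLOWED_COLUMNS, 'column');
    }, explode(',', $csv));
}

/** Only the two SQL sort keywords pass, case-insensitively. */
function safe_direction(string $dir): string
{
    return allow(strtoupper(trim($dir)), ['ASC', 'DESC'], 'direction');
}

/** LIMIT/OFFSET must be real integers, clamped to a fixed range. */
function safe_int($value, int $min, int $max): int
{
    $n = filter_var($value, FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException('not an integer');
    }
    return max($min, min($max, $n));
}

// Constructed request values.
$cols  = safe_columns('player, score');
$table = allow('scores', ALLOWED_TABLES, 'table');
$dir   = safe_direction('desc');
$nb    = safe_int('500', 1, 100);   // clamped to the maximum
try {
    safe_direction(')END) DESC');   // SQL syntax where a keyword is expected
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
// The validated parts are what would then reach the builder in a model:
// $this->db->select(implode(',', $cols))->from($table)->order_by('score', $dir)->limit($nb, 0)->get()->result();
```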