SQL Injection using $this->db->get()->result();
#1

[eluser]Vadorequest[/eluser]
Hi.

My website was hit by an SQL injection like this:

http://vadorequest.fr/gameJam/getScoresA...)END)+DESC

I thought that CI provided protection against SQL injections. Am I wrong?
The breach is no longer available, but before, with just a few changes, the query returned other results.
#2

[eluser]CroNiX[/eluser]
That would really depend on the query, whether active records or query binding were used, etc.
#3

[eluser]Vadorequest[/eluser]
I used ActiveRecord.

$this->db->select($select)->from($table)->limit($this->_secureLimits($nb), $this->_secureLimits($debut))->get()->result();
#4

[eluser]Vadorequest[/eluser]
Up. ^^

How is it possible that CI doesn't protect against this kind of injection? There are a lot of keywords...
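
An added example, not part of the thread and not CodeIgniter's own code: a query builder can escape data values, but column names, table names and sort directions are identifiers and keywords that cannot be bound as parameters, so any request-derived value that ends up in select(), from() or an ORDER BY clause has to be mapped through a fixed allowlist first. The helper names, the table and column names and the request array are hypothetical, and the thread does not show which parameter was actually injected.

```php
<?php
// Added example: allowlist request-derived identifiers before they reach
// the query builder. Table and column names below are hypothetical.

const SORTABLE = ['score' => 'score', 'date' => 'created_at', 'player' => 'player_name'];
const TABLES   = ['a' => 'scores_a', 'b' => 'scores_b'];

/** Map an untrusted key to a fixed identifier, or fail closed. */
function pickIdentifier(array $allowed, $key): string
{
    if (!is_string($key) || !array_key_exists($key, $allowed)) {
        throw new InvalidArgumentException('unknown identifier');
    }
    return $allowed[$key];   // the returned string never contains user input
}

/** Only ASC or DESC may follow a column in ORDER BY. */
function pickDirection($dir): string
{
    return (is_string($dir) && strtoupper($dir) === 'DESC') ? 'DESC' : 'ASC';
}

/** Clamp a numeric request value into [min, max]; non-numeric input gives min. */
function clampInt($value, int $min, int $max): int
{
    $n = filter_var($value, FILTER_VALIDATE_INT);
    return $n === false ? $min : max($min, min($max, $n));
}

// Constructed request: the sort parameter carries an expression, not a key.
$request = ['board' => 'a', 'sort' => '(CASE WHEN ... END)', 'dir' => 'DESC', 'nb' => '9999'];

try {
    $table  = pickIdentifier(TABLES, $request['board']);
    $column = pickIdentifier(SORTABLE, $request['sort']);   // throws here
    $dir    = pickDirection($request['dir']);
    $limit  = clampInt($request['nb'], 1, 100);
    // In a CodeIgniter model the validated values would then be used as:
    // $this->db->select('player_name, score')->from($table)
    //          ->order_by($column, $dir)->limit($limit)->get()->result();
    echo "OK: $table ORDER BY $column $dir LIMIT $limit\n";
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```

With the constructed request the script prints a rejection; changing `sort` to one of the allowlisted keys lets it through with the limit clamped to 100.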



