[eluser]treenef[/eluser]
I doubt removing the backticks would make much difference. It's valid sql AFAIK and is really only an issue if used with active record.
The real question is why
is referenced from a session id as opposed to a db query. I consider this poor design, you'd really only be storing important info like userid in the session. Then I would use a db query to obtain 'tel_customerid' from the userid. Or get this value from a form $_POST variable.
It is odd that only chrome would flag this up when the session is effectively empty but then codeigniter sessions don't work server side as does native php sessions so this browser anomaly sounds somewhat plausible. Thanks for the heads up.