SQLIA on CI

#1
Hello,

I am doing a thesis on SQL injection in PHP and CodeIgniter.

After reading this tutorial: https://www.roytuts.com/prevent-sql-inje...deigniter/

I wonder if any CI-based website can be SQL injected?

Any clue?

It seems like all the queries must follow one of the following rules:

1) Escaping Queries
2) Query Bindings
3) Active Record

Is it possible to create query models that do not follow those rules in CodeIgniter? Which can be SQL injected?

Any advice?

Thanks in advance.
" If I looks more intelligence please increase my reputation."

#2
@davy_yg,

Any website/framework can be SQL injected if programming best practices are not followed. Ultimately, it is up to the developer to follow best programming practices to prevent it from happening.
Reply
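
To make the question and answer above concrete, here is an added example (not code from either poster or from the linked tutorial) of a CodeIgniter 3 model in which two methods bypass all three rules and stay injectable, next to one method per rule. The model name `User_model`, the `users` table and its columns are assumptions made for illustration.

```php
<?php
// Added example: hypothetical CodeIgniter 3 model (application/models/User_model.php).
// The `users` table and its columns are assumptions made for illustration.
defined('BASEPATH') OR exit('No direct script access allowed');

class User_model extends CI_Model
{
    // INJECTABLE: input is concatenated into the SQL text, so none of
    // the three rules (escaping, bindings, query builder) is applied.
    public function find_by_email_unsafe($email)
    {
        $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
        return $this->db->query($sql)->row_array();
    }

    // INJECTABLE: a custom string passed to where() is used as written;
    // the query builder only escapes values given as a separate argument.
    public function find_by_role_unsafe($role)
    {
        return $this->db->where("role = '" . $role . "'")
                        ->get('users')->result_array();
    }

    // Rule 1, escaping: escape() adds the quotes and escapes the value.
    public function find_by_email_escaped($email)
    {
        $sql = 'SELECT id, email FROM users WHERE email = ' . $this->db->escape($email);
        return $this->db->query($sql)->row_array();
    }

    // Rule 2, query bindings: each ? is replaced by an escaped value.
    public function find_by_email_bound($email)
    {
        $sql = 'SELECT id, email FROM users WHERE email = ?';
        return $this->db->query($sql, array($email))->row_array();
    }

    // Rule 3, query builder (Active Record): values are escaped for you.
    // A column name is not a value, so it is taken from an allow-list.
    public function list_by_role($role, $sort = 'email')
    {
        $allowed = array('id', 'email', 'created_at');
        $column  = in_array($sort, $allowed, TRUE) ? $sort : 'email';
        return $this->db->select('id, email')->where('role', $role)
                        ->order_by($column, 'ASC')->get('users')->result_array();
    }
}
```

When reviewing a CodeIgniter code base, the two unsafe patterns are the ones to search for: string concatenation inside `query()` and single-argument `where()` calls built from request data.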

