SQLIA on CI
#1

Hello,

I am doing a thesis on SQL injection in PHP and CodeIgniter.

After reading this tutorial: https://www.roytuts.com/prevent-sql-inje...deigniter/

I wonder if any CI-based website can be SQL injected?

Any clue?

It seems like all the queries must follow one of the following rules:

1) Escaping Queries
2) Query Bindings
3) Active Record

Is it possible to create query models that do not follow those rules in CodeIgniter, which can be SQL injected?

Any advice?

Thanks in advance.
" If I looks more intelligence please increase my reputation."
#2

(This post was last modified: 07-09-2018, 09:43 AM by php_rocs.)

@davy_yg,

Any website/framework can be SQL injected if programming best practices are not followed. Ultimately, it is up to the developer to follow best programming practices to prevent it from happening.
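
The three rules from the question, next to the one query form that follows none of them, as an added example that is not part of either post or of the linked tutorial. It assumes CodeIgniter 3 (where Active Record is called Query Builder) and a hypothetical `users` table with `id` and `username` columns; the model and method names are illustrative.

```php
<?php
// Added example, not from the thread. Assumes CodeIgniter 3 and a
// hypothetical `users` table with `id` and `username` columns.
defined('BASEPATH') OR exit('No direct script access allowed');

class User_model extends CI_Model
{
    // Follows none of the three rules: the input is concatenated into the
    // SQL text, so the framework never sees it as a separate value and
    // cannot escape it. This is the form that is open to SQL injection.
    public function find_unsafe($username)
    {
        $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
        return $this->db->query($sql)->result_array();
    }

    // Rule 1, escaping queries: escape() escapes the value and adds the
    // surrounding quotes for string data, so none are written by hand.
    public function find_escaped($username)
    {
        $sql = 'SELECT id, username FROM users WHERE username = '
             . $this->db->escape($username);
        return $this->db->query($sql)->result_array();
    }

    // Rule 2, query bindings: each ? is replaced by the matching array
    // element, which CodeIgniter escapes before building the statement.
    public function find_bound($username)
    {
        $sql = 'SELECT id, username FROM users WHERE username = ?';
        return $this->db->query($sql, array($username))->result_array();
    }

    // Rule 3, Active Record / Query Builder: values passed as array values
    // are escaped automatically.
    public function find_builder($username)
    {
        return $this->db
            ->get_where('users', array('username' => $username))
            ->result_array();
    }
}
```

Query Builder only protects values that are passed as values: a hand-written clause string given to `where()` is not escaped, so user input placed in such a string has to go through `escape()` first.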