Sunday, September 29, 2013

Preventing SQL Injection in PHP (CodeIgniter)

How do I prevent SQL injection in CodeIgniter for additional security?
Does CodeIgniter do that itself, or do I have to do it myself? I want my
pages to be heavily secure.

1 comment:

  1. CodeIgniter DOES ESCAPE the variables you pass when using the $this->db->query method, but ONLY when you pass the variables as binds. Here's an example:

    // Each ? is replaced by the escaped AND quoted value, so the placeholder itself must not be wrapped in quotes.
    $dbResult = $this->db->query("SELECT * FROM users WHERE username = ?", array($this->input->post('username')));
    Also remember that $_POST shouldn't be preferred over $this->input->post, since what it does is check whether the variable exists, to prevent errors.

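The comment above shows query bindings; the added example below (not code from the original post or from CodeIgniter itself) puts the vulnerable string-concatenation version beside the three ways CodeIgniter lets you pass a value safely. It assumes a CodeIgniter 3 model, so $this->db is the framework's own database object, and a hypothetical users table with a username column.

```php
<?php
// Added example. Assumes it lives inside a CodeIgniter 3 application as a
// model, so $this->db is the framework's database object.
class User_model extends CI_Model
{
    // VULNERABLE: the raw value is concatenated into the SQL string, so any
    // quote character in $username changes the structure of the query.
    public function find_unsafe($username)
    {
        $sql = "SELECT * FROM users WHERE username = '" . $username . "'";
        return $this->db->query($sql)->row();
    }

    // SAFE (1): query bindings. CodeIgniter escapes AND quotes each bound
    // value, so the ? placeholder must not be wrapped in quotes yourself.
    public function find_with_binds($username)
    {
        $sql = "SELECT * FROM users WHERE username = ?";
        return $this->db->query($sql, array($username))->row();
    }

    // SAFE (2): Query Builder escapes values given to where() automatically.
    public function find_with_builder($username)
    {
        return $this->db->where('username', $username)
                        ->get('users')
                        ->row();
    }

    // SAFE (3): when a query really has to be assembled by hand, escape each
    // value explicitly; escape() adds the surrounding quotes as well.
    public function find_with_escape($username)
    {
        $sql = "SELECT * FROM users WHERE username = "
             . $this->db->escape($username);
        return $this->db->query($sql)->row();
    }
}

// Controller-side usage (hypothetical), reading the value through the
// input class as the comment recommends:
//   $row = $this->user_model->find_with_binds($this->input->post('username'));
```

Bindings, Query Builder and escape() protect values only; a table name, column name or ORDER BY direction taken from user input still has to be checked against a fixed whitelist before it goes into the query.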