Codeigniter SQL Injection Prevention


CodeIgniter provides built-in functions and libraries to prevent SQL injection. Using Active Records (the Query Builder), user-supplied values are escaped by the library before they reach the database, which prevents SQL injection.

The difference between a simple query and Active Records

The unsafe simple query method in CodeIgniter (the variables are concatenated directly into the SQL string, so their contents become part of the query):

<?php
// UNSAFE: $username and $password are interpolated into the SQL without escaping.
$this->db->query("SELECT user_id from users WHERE username=$username and password=$password ")->row_array();
?>

The safe Active Records method in CodeIgniter for SQL injection prevention (the library quotes and escapes each value):

<?php
// SAFE: the Query Builder escapes the values in the where() array.
$this->db->select('user_id')
         ->where(['username' => $username, 'password' => $password])
         ->get('users')
         ->row_array();
?>

Also use the CodeIgniter Input library instead of reading $_GET[] and $_POST[] directly.

Example

<?php
// Read request values through the Input library rather than $_POST directly.
$username = $this->input->post('username');
$password = $this->input->post('password');
?>
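The pieces above combined into a CodeIgniter 3 model and controller, as an added example that is not from the original page. The class names User_model and Auth are assumptions; the Query Builder, query binding, Input and last_query() calls are standard CodeIgniter 3 API.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// application/models/User_model.php (hypothetical model name)
class User_model extends CI_Model
{
    // Active Records / Query Builder: each value in where() is escaped by the library.
    public function find_by_login($username, $password)
    {
        return $this->db->select('user_id')
                        ->where(['username' => $username, 'password' => $password])
                        ->get('users')
                        ->row_array();
    }

    // Same lookup with query bindings: every ? is replaced by an escaped, quoted value,
    // so a plain query() can be made safe too when the Query Builder does not fit.
    public function find_by_login_bound($username, $password)
    {
        $sql = 'SELECT user_id FROM users WHERE username = ? AND password = ?';
        return $this->db->query($sql, [$username, $password])->row_array();
    }
}

// application/controllers/Auth.php (hypothetical controller name)
class Auth extends CI_Controller
{
    public function login()
    {
        $this->load->model('user_model');

        // Input library instead of raw $_POST; the second argument TRUE runs the XSS filter.
        $username = $this->input->post('username', TRUE);
        $password = $this->input->post('password', TRUE);

        $user = $this->user_model->find_by_login($username, $password);

        // last_query() returns the SQL actually sent. For a constructed username such as
        // O'Brien the quote is escaped and stays inside the string literal:
        //   SELECT `user_id` FROM `users` WHERE `username` = 'O\'Brien' AND `password` = '...'
        // Comparing a plaintext password in SQL mirrors the page's example; storing a hash
        // and checking it with password_verify() after the fetch is the usual complement.
        log_message('debug', $this->db->last_query());

        if ($user === NULL) {
            show_error('Invalid login', 401);
        }
        $this->session->set_userdata('user_id', $user['user_id']);
    }
}
```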