Codeigniter SQL Injection Prevention


CodeIgniter provides built-in functions and libraries to prevent SQL injection. Building queries with Active Record, instead of placing user input directly in the SQL string, prevents SQL injection.

The difference between the simple query and the active records

The unsafe simple query method in CodeIgniter:

<?php
// Unsafe: $username and $password are interpolated directly into the SQL string.
$this->db->query("SELECT user_id from users WHERE username=$username and password=$password ")->row_array();
?>

The safe Active Record method in CodeIgniter for SQL injection prevention:

<?php
// Safe: values passed to where() are escaped before they are placed in the query.
$this->db->select('user_id')
    ->where(['username' => $username, 'password' => $password])
    ->get('users')
    ->row_array();
?>

Also use the CodeIgniter input library instead of reading $_GET[] and $_POST[] directly.

Example

<?php
$username = $this->input->post('username');
$password = $this->input->post('password');
?>
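The model below puts the pieces above together. It is an added example, not code from the original page: it assumes a CodeIgniter 3 application with the database library loaded, and the class name User_model and its method names are hypothetical. It goes slightly beyond the page by also showing query bindings, which give the same protection when the SQL has to be written by hand.

```php
<?php
// Added example (not from the original page). Assumes CodeIgniter 3 with the
// database library loaded; User_model and its method names are hypothetical.
defined('BASEPATH') OR exit('No direct script access allowed');

class User_model extends CI_Model
{
    // Active Record / Query Builder: values passed to where() are escaped,
    // so quotes in $username or $password cannot change the SQL structure.
    public function find_user_id($username, $password)
    {
        // In CodeIgniter 3, post() returns NULL for a missing field, and PHP
        // turns "field[]" into an array. Neither is a valid credential, so
        // reject anything that is not a string before building the query.
        if ( ! is_string($username) OR ! is_string($password)) {
            return NULL;
        }

        $row = $this->db->select('user_id')
            ->where(['username' => $username, 'password' => $password])
            ->limit(1)
            ->get('users')
            ->row_array();

        return $row ? (int) $row['user_id'] : NULL;
    }

    // Query bindings: for hand-written SQL, keep the statement constant and
    // pass the values separately; each ? is replaced with an escaped value.
    public function find_user_id_raw($username, $password)
    {
        if ( ! is_string($username) OR ! is_string($password)) {
            return NULL;
        }

        $sql = 'SELECT user_id FROM users WHERE username = ? AND password = ? LIMIT 1';
        $row = $this->db->query($sql, [$username, $password])->row_array();

        return $row ? (int) $row['user_id'] : NULL;
    }
}
```

A controller would load the model and pass it the values read with $this->input->post(), as in the snippet above. The input library only fetches the values; the escaping that prevents injection happens in where() or in the bound query.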