Preventing SQL injection in Codeigniter

In CodeIgniter there is no need to call mysql_real_escape_string() yourself: the framework's database class provides built-in functions and libraries for building SQL queries, and using them consistently avoids SQL injection.
There are three ways to prevent SQL injection in a CodeIgniter application:
1) Escaping Queries
2) Query Binding
3) Active Record Class
1. Preventing SQL injection in CodeIgniter using the query escaping method
Example:
   $email = $this->input->post('email');
   // escape() wraps the value in quotes and escapes any quotes inside it,
   // so the SQL itself must not add another pair of quotes around it.
   $query = 'SELECT * FROM subscribers_tbl WHERE email = ' . $this->db->escape($email);
   $this->db->query($query);
2. Preventing SQL injection in CodeIgniter using the query binding method
Example:
    // Each ? placeholder is replaced by the matching value from the array,
    // escaped by the database driver.
    $sql = "SELECT * FROM subscribers_tbl WHERE status = ? AND email = ?";
    $this->db->query($sql, array('active', 'support@keredari.com'));
3. Preventing SQL injection in CodeIgniter using the Active Record class
Example:
    // Values passed to get_where() are escaped by the Active Record (Query Builder) class.
    $query = $this->db->get_where('subscribers_tbl', array('status' => 'active', 'email' => 'support@keredari.com'));
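The three approaches side by side in one CodeIgniter 3 model, as an added example that is not the post's own code. It assumes the post's subscribers_tbl table with email and status columns; the model and method names are hypothetical. It also covers two cases the post does not mention: a LIKE pattern, which escape() alone does not neutralise, and a caller-chosen sort column, which neither escaping nor binding can protect.

```php
<?php
// Added example (not the original post's code). Assumes CodeIgniter 3 and the
// post's subscribers_tbl table; Subscriber_model and its methods are hypothetical.
class Subscriber_model extends CI_Model
{
    // 1) Escaping: escape() adds the surrounding quotes itself.
    public function find_by_email_escaped($email)
    {
        $sql = 'SELECT * FROM subscribers_tbl WHERE email = ' . $this->db->escape($email);
        return $this->db->query($sql)->row_array();
    }

    // 2) Query binding: each ? is replaced by the escaped value from the array.
    public function find_active_by_email_bound($email)
    {
        $sql = 'SELECT * FROM subscribers_tbl WHERE status = ? AND email = ?';
        return $this->db->query($sql, array('active', $email))->row_array();
    }

    // 3) Query Builder: values given to where()/get_where() are escaped for you.
    public function find_active_by_email_builder($email)
    {
        return $this->db->get_where('subscribers_tbl',
            array('status' => 'active', 'email' => $email))->row_array();
    }

    // LIKE needs escape_like_str() as well: escape() does not neutralise % and _,
    // so an unescaped pattern could otherwise match every row.
    public function search_by_domain($domain)
    {
        $pattern = '%@' . $this->db->escape_like_str($domain);
        $sql = "SELECT email FROM subscribers_tbl WHERE email LIKE '" . $pattern . "' ESCAPE '!'";
        return $this->db->query($sql)->result_array();
    }

    // Identifiers (column names) cannot be bound or escape()d as values:
    // accept only names from a fixed whitelist, then let the builder quote them.
    public function list_active($sort_column = 'email')
    {
        $allowed = array('email', 'status');
        if (!in_array($sort_column, $allowed, true)) {
            $sort_column = 'email';  // fall back instead of trusting the input
        }
        return $this->db->where('status', 'active')
                        ->order_by($sort_column, 'ASC')
                        ->get('subscribers_tbl')->result_array();
    }
}
```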
