how to prevent application from sql injection in codeigniter

Solutions on MaxInterview for how to prevent application from sql injection in codeigniter by the best coders in the world

showing results for - "how to prevent application from sql injection in codeigniter"
Francesco
19 May 2018
1CodeIgniter's Active Record methods automatically escape queries for you, to prevent sql injection.
2
3$this->db->select('*')->from('tablename')->where('var', $val1);
4$this->db->get();
5or
6
7$this->db->insert('tablename', array('var1'=>$val1, 'var2'=>$val2));
8If you don't want to use Active Records, you can use query bindings to prevent against injection.
9
10$sql = 'SELECT * FROM tablename WHERE var = ?';
11$this->db->query($sql, array($val1));
12Or for inserting you can use the insert_string() method.
13
14$sql = $this->db->insert_string('tablename', array('var1'=>$val1, 'var2'=>$val2));
15$this->db->query($sql);
16There is also the escape() method if you prefer to run your own queries.
17
18$val1 = $this->db->escape($val1);
19$this->db->query("SELECT * FROM tablename WHERE var=$val1");