CodeIgniter: sanitize direct query
CodeIgniter is fine at sanitizing database queries as long as you use
Active Record. However, how do we sanitize direct queries if we cannot use
the normal forms of Active Record?
Example 1
$query = $this->db->query(
    'SELECT name, title, email FROM my_table '
    . '/* some complex joins */ '
    . 'WHERE ' . my_complex_process('title') . ' = ' . $userText   // $userText is concatenated raw
);
and I'm not sure whether this case is sanitized by CI:
Example 2
$this->db->join('B', 'aCol = ' . $userText . ' AND bOtherCol = 0');   // $userText again concatenated raw
$this->db->get('A');
Does CodeIgniter have any tool to sanitize $userText or the results of
functions written by the developer?
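The following is an added PHP example, not code from the original post. It rewrites both examples above so that the user-supplied value never becomes part of the SQL text: Example 1 uses CodeIgniter's query bindings (the `?` placeholders filled from the second argument of `$this->db->query()`), Example 2 wraps the value in `$this->db->escape()` before it reaches `join()`, and a third method shows `$this->db->escape_like_str()` for LIKE patterns. The model class name, the tables `my_table`, `A`, `B`, their columns, the placeholder join, and the `my_complex_process()` helper are assumptions for illustration; the `query()`, `escape()`, `escape_like_str()`, `join()` and `get()` methods are CodeIgniter 3 database API.

```php
<?php
// Added example for CodeIgniter 3 (not from the original post). Table and
// column names, the join, and my_complex_process() are assumptions.
class Example_model extends CI_Model
{
    // Example 1, rewritten: the user value is passed as a binding. Only
    // developer-controlled SQL fragments (column expression, joins) are
    // concatenated into the query string.
    public function find_by_title($userText)
    {
        // my_complex_process() returns a column expression such as
        // 'LOWER(my_table.title)'; it is built from a whitelist, never
        // from user input, because escaping protects values, not identifiers.
        $column_expr = $this->my_complex_process('title');

        $sql = 'SELECT my_table.name, my_table.title, my_table.email '
             . 'FROM my_table '
             . 'JOIN other_table ON other_table.my_id = my_table.id '   // placeholder join (assumed)
             . 'WHERE ' . $column_expr . ' = ?';

        // CI replaces each "?" with the escaped and quoted value.
        return $this->db->query($sql, array($userText))->result();
    }

    // Example 2, rewritten: join() passes its condition string through
    // unchanged, so the value must be escaped explicitly. escape() returns
    // a quoted string for strings, a bare number for numerics, and NULL.
    public function find_joined($userText)
    {
        $this->db->join('B', 'aCol = ' . $this->db->escape($userText) . ' AND bOtherCol = 0');
        return $this->db->get('A')->result();
    }

    // LIKE needs more than quoting: escape_like_str() also neutralises the
    // wildcards % and _ using "!" as the escape character, which is why the
    // statement declares ESCAPE '!'. The pattern is still bound, not concatenated.
    public function search_title($userText)
    {
        $pattern = '%' . $this->db->escape_like_str($userText) . '%';
        $sql = "SELECT name FROM my_table WHERE title LIKE ? ESCAPE '!'";
        return $this->db->query($sql, array($pattern))->result();
    }

    // Hypothetical helper: maps a known column name to a SQL expression.
    // Anything not in the whitelist is rejected rather than interpolated.
    private function my_complex_process($column)
    {
        $allowed = array('title' => 'LOWER(my_table.title)');
        if ( ! isset($allowed[$column]))
        {
            throw new InvalidArgumentException('unknown column: ' . $column);
        }
        return $allowed[$column];
    }
}
```

The design point is the split between values and structure: bindings and `escape()` handle values of any origin, while table names, column expressions and join clauses have no escaping mechanism at all and therefore must come from developer constants or a whitelist, as `my_complex_process()` does here.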