Prevent SQL Injection in Codeigniter

This tutorial shows how to prevent SQL injection in a CodeIgniter application.

SQL injection is:

a malicious code injection technique that may destroy your database.

one of the most common web hacking techniques.

the placement of malicious code in SQL statements via input fields on a web page.

It is very important to escape every variable you pass into a database query, because SQL injection is one of the central concerns in web application security.

In plain PHP we usually use the mysql_real_escape_string() function to prevent SQL injection, but this function is not needed in CodeIgniter. CodeIgniter offers several ways to prevent SQL injection: Escaping Queries, Query Binding and Active Record.

The following reference is taken from the CodeIgniter documentation.

Escaping Queries

It’s a very good security practice to escape your data before submitting it into your database. CodeIgniter has three methods that help you do this:
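As an added example (not code from the original tutorial or from the CodeIgniter project), the following CodeIgniter 3 model puts a query built by string concatenation next to the three approaches named above: Escaping Queries, Query Binding and Active Record (called Query Builder in CodeIgniter 3). The class name Users_model and the users table with its id, email, name and status columns are assumptions made for this example; it assumes the database library is loaded.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * Hypothetical model (not from the original tutorial) contrasting an unsafe
 * query with the three CodeIgniter 3 ways of keeping user data out of SQL.
 * Assumes a table `users(id, email, name, status)` and a loaded $this->db.
 */
class Users_model extends CI_Model
{
    // BEFORE: untrusted input is concatenated straight into the SQL text.
    // A single quote inside $email ends the string literal, so the rest of
    // the input is parsed as SQL instead of as data.
    public function find_by_email_unsafe($email)
    {
        $sql = "SELECT id, email, name FROM users WHERE email = '" . $email . "'";
        return $this->db->query($sql)->row_array();
    }

    // 1. Escaping Queries: $this->db->escape() detects the data type, escapes
    //    it and wraps strings in quotes, so no quotes are written by hand.
    public function find_by_email_escaped($email)
    {
        $sql = 'SELECT id, email, name FROM users WHERE email = '
             . $this->db->escape($email);
        return $this->db->query($sql)->row_array();
    }

    //    escape_like_str() additionally escapes the LIKE wildcards % and _
    //    using '!', which is why the ESCAPE '!' clause is added manually.
    public function search_by_name($term)
    {
        $sql = "SELECT id, email, name FROM users WHERE name LIKE '%"
             . $this->db->escape_like_str($term) . "%' ESCAPE '!'";
        return $this->db->query($sql)->result_array();
    }

    // 2. Query Binding: each ? placeholder is filled from the array, with the
    //    value escaped by the driver, so the SQL string never contains user data.
    public function find_active_by_email_bound($email)
    {
        $sql = 'SELECT id, email, name FROM users WHERE email = ? AND status = ?';
        return $this->db->query($sql, array($email, 'active'))->row_array();
    }

    // 3. Active Record / Query Builder: values handed to where() and insert()
    //    are escaped by the builder and the statement is assembled by CodeIgniter.
    public function find_active_by_email_builder($email)
    {
        return $this->db->where('email', $email)
                        ->where('status', 'active')
                        ->get('users')
                        ->row_array();
    }

    public function create($email, $name)
    {
        $this->db->insert('users', array(
            'email'  => $email,
            'name'   => $name,
            'status' => 'active',
        ));
        return $this->db->insert_id();
    }
}
```

Of the three, Query Binding and the Query Builder are preferable to manual escaping because the developer never assembles quotes or placeholders by hand; manual escape() calls are easy to forget on one of several interpolated values, and escape_like_str() only works when the ESCAPE clause is present.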