This tutorial will show you how to prevent SQL injection using Codeigniter. It is very important to escape the variable you pass by when using to the database query because in web application security SQL injections play an important role. We usually use mysql_real_escape_string() function to prevent SQL injections, but we do not need to use this function in case of Codeigniter. In Codeigniter we have different ways such as Escaping Queries, Query Binding and Active Record to prevent SQL injections.
The following reference has been taken from Codeigniter documentation.
It’s a very good security practice to escape your data before submitting it into your database. CodeIgniter has three methods that help you do this: Continue reading “Prevent SQL Injection in Codeigniter”