luka032
Reputation: 955
Codeigniter php: SQL injection prevent
I've finished one application, but while developing haven't checked about sql injections and now at the end, i need to fix this little issue.
Here's my code, how could i on easiest way fix this to prevent sql injection (is there any function just to format my username, password parameters, not to change my code).
public function getArtistByUsernameByPassword($username, $password) {
$query = $this->db->query("SELECT * FROM artists WHERE username = '$username' AND password = ' $password'");
if ($query->num_rows() > 0) {
return $query->row_array();
}
return null;
}
Thanks in advance!
Upvotes: 0
Views: 430
Answers (2)
TheDrot
Reputation: 4337
Use Codeigniter's query builder class.
So your code would look like this.
$query = $this->db->get_where('artists', array('username' => $username, 'password' => $password));
Upvotes: 1
fatihn
Reputation: 147
Use db->escape() and db->escapestr() functions to avoid sql injection...
Upvotes: 0
Related Questions
- Deleting an element from an array in PHP
- How can I prevent SQL injection in PHP?
- How to concatenate text from multiple rows into a single text string in SQL Server
- How to add a column with a default value to an existing table in SQL Server?
- How to import an SQL file using the command line in MySQL?
- Reference Guide: What does this symbol mean in PHP? (PHP Syntax)
- Finding duplicate values in a SQL table
- How do I UPDATE from a SELECT in SQL Server?
- How does PHP 'foreach' actually work?
- Why shouldn't I use mysql_* functions in PHP?