Cyclone

Reputation: 15269

Code Igniter insert MySQL function with database class

I've got the data that is going to be saved into my database using CI's database class:

$data = array(
    'login' => $this->input->post('login', TRUE),
    'password' => $this->input->post('password', TRUE),
    'email' => $this->input->post('email', TRUE)
);

return $this->db->insert('account', $data);

Now I need to use the MySQL function PASSWORD() to get the password post hash.

I've tried this way:

'password' => 'PASSWORD("' . $this->input->post('password', TRUE) . '")'

But CI's database class converts it to the following string:

INSERT INTO `accounts` [..] 'PASSWORD("mypassword")'

So as you can see, it won't work, since it will save the whole string between the ' characters.

Is there any solution for this, or do I have to use $this->db->query?

Upvotes: 3

Views: 5127

Answers (2)

user1179630

Reputation: 21

Do not forget to escape the password! You disable escaping for the password with Colin's solution. You could use $this->db->escape to escape it.

Example of a possible injection:

$injection = '"), "malicious data" #")';
echo 'PASSWORD("'.$injection.'")';

I hope I got this right.

Upvotes: 0

Colin Brock

Reputation: 21565

You can use the set() method to set your INSERT values, and then pass a third parameter (FALSE) to prevent CodeIgniter from escaping PASSWORD. Something like this:

$this->db->set('login', $this->input->post('login', TRUE));
$this->db->set('password', 'PASSWORD("'.$this->input->post('password', TRUE).'")', FALSE);
$this->db->set('email', $this->input->post('email', TRUE));

return $this->db->insert('account');

Upvotes: 4
