I am developing a website and i am always cautious about the security. Working with mysql database using the prepare statement is a good choice to protect against sql injection. I am new to codeigniter and right now i am on 2.1.4 version. Which is the latest one. I could not get any information about the usage of mysqli extension with my framework. I would appreciate if someone helps me. Thanks.
Asked
Active
Viewed 706 times
0
d_4dinkey
- 731
- 1
- 6
- 12
-
Apologies for the extreme necroposting, but this is an important question because most people using CI < 4 often do not know that the "compile_binds" function actually doesn't do anything like bind_param. It's a lie. – site80443 Jul 06 '21 at 15:46
1 Answers
1
Taken from this post, you can install the driver to use MySQLi syntax:
Codeigniter includes a database driver for mysqli which can be set in system/application/config/database.php as:
$db['default']['dbdriver'] = "mysqli";
However, there are some limitations. From the various sources I've read (this, for example), doing multiple queries or prepared statements do not seem possible. You still get some benefits using the MySQLi syntax, but definitely not fully capitalizing on MySQLi's capabilities.
Community
- 1
- 1
PlantTheIdea
- 16,061
- 5
- 35
- 40