Note: My question is not a duplicate of "Does CodeIgniter automatically prevent SQL injection?" or "how to avoid sql injection in codeigniter", because those asked about the `query()` function. I am asking about functions like `insert()`, `update()`, `where()`, `order_by()`.

I am asking whether the following types of queries also automatically prevent SQL injection.

01.

```php
$data = array(
        'title' => $title,
        'name' => $name,
        'date' => $date
);

$this->db->where('school', $school);
$this->db->update('mytable', $data);
```

02.

```php
$this->db->select('*');
$this->db->from('table_name');
$this->db->where('pro_name', $pro_name);
$this->db->order_by($pro_type, 'desc');
$query = $this->db->get();
return $query->result_array();
```

Assume that all variables are GET or POST values.

Dharman
Damith Ruwan
  • Possible duplicate https://stackoverflow.com/questions/5857386/how-to-avoid-sql-injection-in-codeigniter?answertab=active#tab-top – Geee Jun 06 '17 at 04:31
  • @GhanshyamBhava It is not a duplicate of that question either, because it also asked about the `query()` function. I am asking about functions like `insert()`, `update()`, `where()`, `order_by()`. – Damith Ruwan Jun 06 '17 at 04:34
  • Does this answer your question? [how to avoid sql injection in codeigniter](https://stackoverflow.com/questions/5857386/how-to-avoid-sql-injection-in-codeigniter) – Dharman Nov 14 '21 at 19:41

1 Answer

CodeIgniter's [Active Record methods](https://www.codeigniter.com/userguide2/database/active_record.html) automatically escape queries for you, to prevent injection.

You may find the answer here: https://stackoverflow.com/a/5857481/4895810

Jeevan
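
An added example (not part of the original question or answer, and not CodeIgniter's own code): in query 02 the argument to `order_by()` is a column name rather than a data value, and identifiers cannot be bound as parameters, so a common defensive pattern is to map the request value through a fixed allowlist before it reaches the query builder. The sort keys, the `pro_price` column, `resolve_sort()`, `products_by_name()` and the `FakeDb` stand-in are assumptions for illustration.

```php
<?php
// Hypothetical public sort keys mapped to real column names.
const SORT_COLUMNS = [
    'type'  => 'pro_type',
    'name'  => 'pro_name',
    'price' => 'pro_price',
];

// Map a request-supplied sort key and direction to a fixed column and
// direction. Non-strings (e.g. ?sort[]=x) and unknown keys use the default.
function resolve_sort($key, $dir, $default = 'name')
{
    if (!is_string($key) || !array_key_exists($key, SORT_COLUMNS)) {
        $key = $default;
    }
    $dir = (is_string($dir) && strtolower($dir) === 'asc') ? 'asc' : 'desc';
    return [SORT_COLUMNS[$key], $dir];
}

// Query 02 from the question, with the sort column resolved first.
function products_by_name($db, $pro_name, $sort_key, $sort_dir)
{
    list($column, $dir) = resolve_sort($sort_key, $sort_dir);
    $db->select('*');
    $db->from('table_name');
    $db->where('pro_name', $pro_name);   // data value: escaped by the query builder
    $db->order_by($column, $dir);        // identifier: always one of SORT_COLUMNS
    return $db->get();
}

// Stand-in for $this->db so the file runs without CodeIgniter: it only
// records the calls it receives. Not CodeIgniter code.
class FakeDb
{
    public $calls = [];
    public function __call($method, $args)
    {
        $this->calls[] = [$method, $args];
        return $method === 'get' ? $this->calls : $this;
    }
}

// Constructed inputs: one valid key, one value that is not a known key.
foreach ([['price', 'ASC'], ['pro_type, (SELECT 1)', 'desc']] as $input) {
    $calls = products_by_name(new FakeDb(), 'widget', $input[0], $input[1]);
    echo json_encode($calls[3]), PHP_EOL;   // the recorded order_by() call
}
```

In a real model, pass `$this->db` instead of `FakeDb` and call `->result_array()` on the value `get()` returns, as in the question.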