-1

I am working with "Rest API's/web services" in codeigniter,And i want to make Api secure So for this purpose i am using following query (for example)

$sql = "INSERT INTO table (title) VALUES(".$this->db->escape($title).")";

I want to know that above way is enough for prevent sql injection using codeigniter or there should be something more ?

amit
  • 1
  • 1
  • 18
  • 28

1 Answers1

0

Your Problem is perfectly solvable with Codeigniters query builder. In your case it would look like

$arrData = [
    'title' => $title
];

$this->db->insert('table', $arrData);

As mentioned Codeigniter comes with a built in query builder. I strongly suggest to use it because it makes your life much easier. If you use it you are protected against sql injections.

Take a look at their documentation and study it carefully - here is the link.

Atural
  • 5,389
  • 5
  • 18
  • 35
  • it means i dont need to use like any technique or any code/function for prevent sql injection , Codeigniter itself preventing sql injection, i have to write simple insert query ( like as you mentioned ) ?? – amit Nov 11 '19 at 08:32
  • yes - thats it - as long as you use the query builder properly - you are protected against sql injections. – Atural Nov 11 '19 at 08:38
  • my last question is " is codeigniter by default including query builder ?" and i have to write simple insert , update or delete query ....right ? – amit Nov 11 '19 at 08:43
  • you have to set in your `database.php` under `application/config/` the variable `$query_builder = true;`. After that you can use your models. – Atural Nov 11 '19 at 09:03
  • in my side, its already true, it means sql preventing in my side already, am i right sir ? – amit Nov 11 '19 at 09:49