I don't have any previous experience with PDO, so my question may sound too simple.
I heard a few times that PDO is better than mysql/mysqli in terms of security, and since CodeIgniter is supporting the PDO driver, I decided to make the change in my new project.
But as far as I'm aware, CodeIgniter doesn't use prepared statements, and (I think) it misses the point of using PDO. Is that correct, and is it insecure?
So my question: is using the PDO driver with CodeIgniter considered insecure?
And, does that mean I must take care of the basic security by myself?
All query calls are escaped in the simplified $this->db functions, such as delete() and get_where(). This adds some automated security. If written too sloppily, you may grant access to users to edit other users' content, for instance. So there's no magical solution to full security. The more detailed you are, the more correctly your code will work for you.
If you need custom queries, you can do it like this:
Note: To implement IN () and LIKE, you need to escape accordingly, and not insert through array() and ?.
query()
escape()
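As an added illustration of the points in this answer (this is example code, not the answer's own snippet), the three cases in a CodeIgniter 3 model: scalar values bound through ? placeholders, an IN () list built from individually escaped values, and a LIKE pattern passed through escape_like_str(). It assumes the standard CodeIgniter 3 DB driver API; the users table and its columns are hypothetical.

```php
<?php
// Added example, not from the answer above. Assumes CodeIgniter 3's DB driver
// ($this->db->query(), escape(), escape_like_str()); table/columns are hypothetical.
class User_model extends CI_Model
{
    // Scalar values: let the driver bind them via "?" placeholders.
    // The risk the question is about comes from concatenating $email into the SQL.
    public function find_by_email($email)
    {
        $sql = "SELECT id, email FROM users WHERE email = ? AND active = ?";
        return $this->db->query($sql, array($email, 1))->row();
    }

    // IN (): as the answer notes, don't push an array through "?".
    // Escape each element yourself and build the list from the escaped values.
    public function find_by_ids(array $ids)
    {
        if (empty($ids)) {
            return array();
        }
        $list = implode(', ', array_map(array($this->db, 'escape'), $ids));
        $sql  = "SELECT id, email FROM users WHERE id IN ($list)";
        return $this->db->query($sql)->result();
    }

    // LIKE: escape_like_str() neutralises % and _ in the user-supplied term
    // (CI 3 uses '!' as the escape character), so the wildcards are ours alone.
    public function search_by_name($term)
    {
        $like = $this->db->escape_like_str($term);
        $sql  = "SELECT id, email FROM users WHERE name LIKE '%" . $like . "%' ESCAPE '!'";
        return $this->db->query($sql)->result();
    }
}
```

Whether the backend is mysqli or PDO, the binding in query() is done by the framework escaping the values client-side, which is why the answer stresses escaping correctly for the IN () and LIKE cases.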