Home/ Questions/Q 8065287
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T11:37:13+00:00

i have been using codeigniter active record class for database acces, But one thing

  • 0

i have been using codeigniter active record class for database acces, But one thing i want to assure is the database security. My scenario is: I am using this query to access data from database. 

$q = $this->db->query("SELECT* FROM mytable WHERE id = '$p'");

After this i use return statement.

return $q->result();

when i load database to my view i encode the array with the json encode function and the json encode function not only shows the value of database table fields but also the table field names.
Is it secure or if not how can i avoid displaying table field names
thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can strip the table field names by changing your return statement to:

    return array_values($q->result_array());

    Better ways would be to parse the results:

    $q = $this->db->query("SELECT* FROM mytable WHERE id = '$p'");
$result = $q->result();

$values[] = $result['id'];
$values[] = $result['column1'];
$values[] = $result['column2'];

return $values;

    or specify which columns you need in the SQL statement in case the schema changes:

    SELECT id, column1, column2 FROM mytable WHERE id = '$p'

    Finally, as allen213 mentioned, you should use bindings to prevent injection attacks:

    $sql = 'SELECT * FROM mytable WHERE id = ?';
$q = $this->db->query($sql, array('id' => $p));
    • 0