Home/ Questions/Q 8548667
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T13:32:49+00:00

Just read this on Stack overflow and thus left me wondering if SQL injection

  • 0

Just read this on Stack overflow and thus left me wondering if SQL injection is possible through active records in CI.

At most of the places in my project, for user registration and user profile update, I have done SQL insertions like this :

Controller :

$name = $this->input->post('name');
$last_name = $this->input->post('last_name');
$age = $this->input->post('dob');

$user_data = array(
    'name' => $name,
    'last_name' => $last_name,
    'age' => $age
);

$this->user_model->add_user_function($user_data);

Model:

function add_user_function($data)
{
    $this->db->insert('user_table',$data);
    return;
}

Just like the example in the SO link above, is my code vulerable to SQL injection?
Can you give a particular example if it is possible to harm my system, and how can I prevent if it exists.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There are 2 safety features already provided by CodeIgniter for your case.

    1. XSS filtering for your user input :
      Input Class has second boolean parameter for its methods, which lets you run the input through a XSS filter in case you do not have global xss filter on.

    2. For SQL injections, using binded queries and Active records is safe, it will save you from SQL injections as the framework does all of the work of escaping vulnerable user input. There are few vulnerabilities with Active records, that are reported by users, they are however fixed quickly in suqsequent releases by the CodeIgnitor team ( EllisLabs)

    • 0