Tips:
Always pass a value read from $this->request or $_GET through $this->db->escape() before placing it in a query.
What is SQL injection?
The query below can be hacked:
[select * from my_table where var='$var']
If I pass $var=' OR delete from my_table where 1
it will delete all content of my_table.
$this->db->escape() escapes the ' character in the field, which keeps the query safe from injection.
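Added example, not from the original post: the vulnerable string build from above next to a parameterised query, run against an in-memory SQLite table through PDO so it works outside CodeIgniter. The $var value is the post's own payload, constructed inline instead of being read from $_GET; in CodeIgniter the same separation is achieved with $this->db->escape() or the query bindings of $this->db->query($sql, [$var]).

```php
<?php
// Set up a throwaway table so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE my_table (id INTEGER PRIMARY KEY, var TEXT)");
$pdo->exec("INSERT INTO my_table (var) VALUES ('alpha'), ('beta')");

// The untrusted value from the post, constructed here as a plain string
// rather than read from $_GET.
$var = "' OR delete from my_table where 1";

// 1. Vulnerable: interpolating the raw value changes the SQL text itself,
//    because the leading quote closes the string literal early.
$unsafe = "select * from my_table where var='$var'";
echo "Unsafe SQL that would be sent to the server:\n  $unsafe\n";

// 2. Safe: the value is bound as a parameter, so the quote is data and
//    cannot terminate the literal. $this->db->escape($var) does the
//    equivalent by quoting and escaping the value before concatenation.
$stmt = $pdo->prepare("select * from my_table where var = :var");
$stmt->execute([':var' => $var]);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo "Rows matched with the bound value: " . count($rows) . "\n";

// 3. Confirm the table survived handling the malicious input.
$count = (int) $pdo->query("select count(*) from my_table")->fetchColumn();
echo "Rows still in my_table: $count\n";
```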