FuelPHP Forums
General
DB::query security(SQL injection)
helloss
December 2020
Hi, I am working on implementing a system for authentication.
I would like to ask about the security of the DB::query method.
I have heard DB::query may not escape the SQL statement, so I need to avoid executing it just as it is.
Do you have any ideas on how to escape it?
my code is:

    $data[] = array(
        'id'   => $id,
        'desk' => $desk,
    );

    // Build the INSERT with the query builder; compile() quotes the values it was given.
    $query = \DB::insert('sample')->columns(['id', 'desk']);
    foreach ($data as $item)
    {
        $query->values([$item['id'], $item['desk']]);
    }

    // Append a constant ON DUPLICATE KEY UPDATE clause to the compiled SQL and run it.
    \DB::query(
        $query->compile() . " ON DUPLICATE KEY UPDATE `desk` = VALUES(`desk`), `updated_at` = NOW()"
    )->execute();
andersoncdz
December 2020
Hello, how are you?
I advise you to use the fuel authentication package, everything you need is already implemented.
https://fuelphp.com/docs/packages/auth/intro.html
https://fuelphp.com/docs/packages/auth/examples/auth.html
I believe this will save you a lot of time.
Hope this helps
Merry Christmas
:)
Harro
December 2020
Any code that is generated is escaped properly.
If you want to construct your own query, you can manually quote values using
\DB::quote($value)
and identifiers using
\DB::quote_identifier($identifier)
See
https://fuelphp.com/docs/classes/database/db.html#/method_quote
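Worked example of the two cases Harro's reply distinguishes, added here and not part of the thread or of FuelPHP's own code. In the question, the string appended after compile() is a constant, so the builder-quoted values are the only user data in the statement. The danger starts when a runtime value (or a column name) is concatenated into that tail. The example assumes the FuelPHP 1.x DB class on a MySQL connection; the table `sample` and column `desk` come from the question, while the `updated_by` column, the `$rows`, `$updatedBy` and `$column` inputs, and the hostile strings are constructed for illustration.

```php
<?php
// Added example: safely extending a compiled FuelPHP 1.x query with runtime values.
// Assumes FuelPHP's DB class and a MySQL connection. `updated_by` is a hypothetical column.

// Constructed sample input standing in for request data.
$rows = array(
    array('id' => 1, 'desk' => 'A-12'),
    array('id' => 2, 'desk' => "B-3'); DROP TABLE sample; -- "),
);
$updatedBy = "eve'; DROP TABLE sample; -- ";   // hostile runtime value
$column    = 'desk';                            // column name chosen at runtime

$query = \DB::insert('sample')->columns(array('id', 'desk'));
foreach ($rows as $row)
{
    // The builder quotes these when compile() runs, so the hostile 'desk'
    // value above is stored as data, not executed as SQL.
    $query->values(array($row['id'], $row['desk']));
}

// UNSAFE: raw runtime values concatenated into the SQL text. Nothing escapes
// $column or $updatedBy here; the injected quote terminates the literal.
$unsafe = $query->compile()
    . ' ON DUPLICATE KEY UPDATE `' . $column . '` = VALUES(`' . $column . '`),'
    . " `updated_by` = '" . $updatedBy . "'";

// SAFE, option 1: quote values and identifiers yourself before concatenating.
$col  = \DB::quote_identifier($column);   // backtick-quoted identifier
$safe = $query->compile()
    . ' ON DUPLICATE KEY UPDATE ' . $col . ' = VALUES(' . $col . '),'
    . ' `updated_by` = ' . \DB::quote($updatedBy);   // quoted, escaped string literal

// SAFE, option 2: keep the value out of the SQL text and bind it as a named parameter.
// Identifiers cannot be bound, so the column name still goes through quote_identifier().
$bound = \DB::query(
    $query->compile()
    . ' ON DUPLICATE KEY UPDATE ' . $col . ' = VALUES(' . $col . '),'
    . ' `updated_by` = :updated_by',
    \DB::INSERT
)->param('updated_by', $updatedBy);

$bound->execute();
```

Two caveats a reviewer would raise. First, quote_identifier() only makes the name syntactically safe; if `$column` comes from the client, check it against an allowlist of real column names as well, otherwise a caller can still steer the update at any column they know the name of. Second, the appended clause is MySQL-specific (`ON DUPLICATE KEY UPDATE`, `VALUES()`), so this pattern ties the code to that driver regardless of how the values are quoted.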