FuelPHP Forums
DB::query security (SQL injection)
  • Hi, I am working on implementing the systems for authentication.

    I would like to ask about security of DB::query method.

    I have heard DB::query may not escape the SQL statement, so I need to avoid executing it just as it is.

    Do you have any ideas to escape it?

    My code is:

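    $data[] = array(
        'id' => $id,
        'desk' => $desk,
    );

    foreach ($data as $item) {
        // Build the INSERT with the query builder so the values are quoted on compile
        $query = \DB::insert('sample')->set($item);
        // Append the MySQL upsert clause to the compiled statement and run it
        \DB::query($query->compile() . " ON DUPLICATE KEY UPDATE `desk` = VALUES(`desk`), `updated_at` = NOW()")->execute();
    }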
  • Hello, how are you?

    I advise you to use the fuel authentication package, everything you need is already implemented.

    I believe this will save you a lot of time.

    Hope this helps

    Merry Christmas :)
  • Any code that is generated is escaped properly.

    If you want to construct your own query, you can manually quote values using


    and identifiers using


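An added example, not part of the thread and not FuelPHP's own code: the upsert from the question written as static SQL with bound parameters, plus a hand-built query that quotes a value and an identifier with the framework's helpers. It assumes a FuelPHP 1.x application with a MySQL connection and the `sample` table from the question; `upsert_desks()` and `find_by_column()` are hypothetical helper names.

```php
<?php
// Added example. Assumes it runs inside a FuelPHP 1.x app (the \DB class is loaded)
// against MySQL, with a `sample` table that has id, desk and updated_at columns.

/**
 * Upsert rows without concatenating any input into the SQL text.
 * Returns the total row count reported by MySQL.
 */
function upsert_desks(array $rows)
{
    // Static statement; :id and :desk are placeholders that the query object
    // replaces with quoted values when it is compiled.
    $sql = 'INSERT INTO `sample` (`id`, `desk`, `updated_at`) '
         . 'VALUES (:id, :desk, NOW()) '
         . 'ON DUPLICATE KEY UPDATE `desk` = VALUES(`desk`), `updated_at` = NOW()';

    $affected = 0;
    foreach ($rows as $row) {
        // Parameter keys are given without the leading colon.
        $result = \DB::query($sql, \DB::INSERT)
            ->parameters(array('id' => (int) $row['id'], 'desk' => (string) $row['desk']))
            ->execute();
        $affected += $result[1]; // INSERT returns array(insert id, rows affected)
    }
    return $affected;
}

/**
 * Hand-built query: quoting stops a value or name from breaking out of its
 * position, but a caller-supplied column name is still checked against an
 * allow-list first.
 */
function find_by_column($column, $value)
{
    $allowed = array('id', 'desk');
    if ( ! in_array($column, $allowed, true)) {
        throw new \InvalidArgumentException('Unexpected column name');
    }

    $sql = 'SELECT * FROM `sample` WHERE '
         . \DB::quote_identifier($column)   // column name wrapped in identifier quotes
         . ' = ' . \DB::quote($value);      // value escaped and quoted for the connection

    return \DB::query($sql, \DB::SELECT)->execute()->as_array();
}
```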