verhindert CI Active Record SQL Injection?Verhindern SQL Injection in CodeIgniter
hier ist mein Code
$this->db->select('t.DateTime,
su.FirstName,
su.MiddleName,
su.LastName,
l.Description,
t.Temperature,
t.UnitID,
t.Humidity');
$this->db->from('temperaturelogs as t');
$this->db->join('systemusers as su', 'su.UserID = t.Encoder');
$this->db->join('locations as l', 't.LocationID = l.LocationID');
$this->db->where("Cast(t.DateTime as date) >= '$start_date'");
$this->db->where("Cast(t.DateTime as date) <= '$end_date'");
$query = $this->db->get();
if ($query->num_rows() > 0)
{
return $query->result_array();
}
wenn ich diesen Eingang in End Date
auf Enter versucht.
Mein Input: '; Truncate Table systemusers; #
gibt mir diese Fehlermeldung:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'truncate table systemusers; #'' at line 6
SELECT
t
.DateTime
,su
.FirstName
,su
.MiddleName
,su
.LastName
,l
.Description
,t
.Temperature
,t
.UnitID
,t
.Humidity
FROMtemperaturelogs
ast
JOINsystemusers
assu
ONsu
.UserID
=t
.Encoder
JOINlocations
asl
ONt
.LocationID
=l
.LocationID
WHERE Cast(t.DateTime as date) >= '2016-03-21' AND Cast(t.DateTime as date) <= ''; truncate table systemusers; #'
der Fehler nicht relevant ...
die CI-Version verwenden Sie 'Echo CI_VERSION;'? – Viral
@ Viral Ich benutze die neueste Version. –