In CodeIgniter, how can I avoid SQL injection? Is there any method to set in the config file to avoid SQL injection? I am using this code for selecting values:
$this->db->query("SELECT * FROM tablename WHERE var= $val1 ");
and this for inserting values:
$this->db->query("INSERT INTO tablename (`var1`,`var2`) VALUES ( $val1 , $val2 )");
Another method used to insert and select values from the database is CodeIgniter's insert() and get() methods. Is there any chance of SQL injection while using CodeIgniter's built-in functions?
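
The two queries from the question rewritten with bound values, as an added example that is not part of the original post. It assumes CodeIgniter 3 with the database library loaded; the model class, its method names and the sortable-column list are hypothetical.

```php
<?php
// Added example (hypothetical model; assumes CodeIgniter 3, database library loaded).
defined('BASEPATH') OR exit('No direct script access allowed');

class Tablename_model extends CI_Model
{
    // Form used in the question, kept for comparison: $val1 becomes part of the
    // SQL text, so whatever it contains is parsed as SQL.
    //   $this->db->query("SELECT * FROM tablename WHERE var= $val1 ");

    // Query bindings: each ? is replaced by the matching array element,
    // which the driver escapes and quotes before the query is sent.
    public function find_by_var($val1)
    {
        $sql = 'SELECT * FROM tablename WHERE var = ?';
        return $this->db->query($sql, array($val1))->result_array();
    }

    public function add_row($val1, $val2)
    {
        $sql = 'INSERT INTO tablename (`var1`, `var2`) VALUES (?, ?)';
        return $this->db->query($sql, array($val1, $val2));
    }

    // Query Builder: values passed as array elements are escaped automatically.
    public function find_by_var_qb($val1)
    {
        return $this->db->get_where('tablename', array('var' => $val1))->result_array();
    }

    public function add_row_qb($val1, $val2)
    {
        return $this->db->insert('tablename', array('var1' => $val1, 'var2' => $val2));
    }

    // Bindings cover values only. A column name taken from a request has to be
    // checked against a fixed list before it reaches order_by().
    public function list_sorted($column)
    {
        $sortable = array('var1', 'var2'); // assumed sortable columns
        if (!in_array($column, $sortable, TRUE)) {
            $column = 'var1';
        }
        return $this->db->order_by($column, 'ASC')->get('tablename')->result_array();
    }
}
```

Query Builder stops escaping when where() is given a hand-written SQL string or when escaping is switched off through its optional parameter, so values placed in such strings need $this->db->escape() first.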