Codeigniter 3 如何防止登录时的sql注入
如何向管理员登录添加SQL注入函数 C_日志功能Codeigniter 3 如何防止登录时的sql注入,codeigniter-3,Codeigniter 3,如何向管理员登录添加SQL注入函数 C_日志功能 function index(){ if (isset($_POST['submit'])){ $username = $this->input->post('a'); $password = hash("sha512", md5($this->input->post('b'))); $cek = $this->model_app
function index(){
if (isset($_POST['submit'])){
$username = $this->input->post('a');
$password = hash("sha512", md5($this->input->post('b')));
$cek = $this->model_app->cek_login($username,$password,'users');
$row = $cek->row_array();
$total = $cek->num_rows();
if ($total > 0){
$this->session->set_userdata('upload_image_file_manager',true);
$this->session->set_userdata(array('username'=>$row['username'],
'level'=>$row['level'],
'id_session'=>$row['id_session']));
redirect('administrator/home');
}else{
$data['title'] = 'Username or Password salah!';
$this->load->view('administrator/view_login',$data);
}
}else{
$data['title'] = 'Administrator › Log In';
$this->load->view('administrator/view_login',$data);
}
}
我创建了一个这样的函数,但得到了一个注入,有解决方案吗?我目前正在尝试向表单中添加codeigniter默认安全函数 安全->清理文件名 到目前为止,我的网站上还没有注射
$username = $this->security->sanitize_filename($this->input->post('a',TRUE));
$password = $this->security->sanitize_filename(hash("sha512", md5($this->input->post('b',TRUE))));