0x00
In the CI framework, GET and POST parameters are read through the $this->input class, with its get() and post() methods.
If the second argument of get() or post() is TRUE, the value is passed through the XSS filter. Note that XSS filtering is not an effective defense against SQL injection.
Example:
In the controller, define a method (the author names it shit) that reads the GET data, passing TRUE as the second argument:
(1) XSS test
(2) SQL injection test: the single quote is left untouched.
An example from the program dance CMS, a CMS developed on the CI framework:
The variables here are POST data that has only been XSS-filtered, which does nothing against SQL injection.
They are concatenated straight into the SQL statement and sent to the database:
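The pattern above, as an added example (not code from the page or from the CMS it discusses). It assumes a CodeIgniter 2.x install with a users table that has an id column; the controller name, method names and table are placeholders. The vulnerable method passes TRUE to get(), which only runs the XSS filter and leaves a quote alone, so ?id=1' OR '1'='1 reaches MySQL as part of the statement. The two fixed variants rely on what actually stops injection: query binding, which escapes and quotes each bound value, or an integer cast for a numeric column.

```php
<?php
// Added example, not code from the page or the CMS it discusses.
// Assumes CodeIgniter 2.x and a `users` table with an `id` column (placeholders).
class Demo extends CI_Controller {

    // Vulnerable: the TRUE only enables the XSS filter. The filter rewrites
    // things like <script> and javascript:, but a single quote passes through,
    // so ?id=1' OR '1'='1 becomes  WHERE id = '1' OR '1'='1'  and matches every row.
    public function vuln()
    {
        $id  = $this->input->get('id', TRUE);
        $sql = "SELECT * FROM users WHERE id = '" . $id . "'";
        $q   = $this->db->query($sql);
        var_dump($q->result_array());
    }

    // Fixed, variant 1: bind the value. CI escapes and quotes each bound
    // parameter, so the quote in the payload ends up as \' inside a string literal.
    public function bound()
    {
        $id = $this->input->get('id', TRUE);
        $q  = $this->db->query("SELECT * FROM users WHERE id = ?", array($id));
        var_dump($q->result_array());
    }

    // Fixed, variant 2: a numeric column takes a cast, which leaves the attacker
    // nothing to inject no matter how the SQL is assembled afterwards.
    public function cast()
    {
        $id = (int) $this->input->get('id');
        $q  = $this->db->get_where('users', array('id' => $id));
        var_dump($q->result_array());
    }
}
```

The XSS filter is still worth keeping for values that are rendered back into HTML; the point is only that it is an output-encoding control and says nothing about how the value is used in a query.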
0x01
In the CI framework it is more reliable to go through the AR (Active Record) class for database queries, because the underlying layer escapes the values for you. But escaping is all it does.
The escaping routine is escape_str():
// CodeIgniter 2.x, system/database/drivers/mysql/mysql_driver.php, reproduced
// with the author's var_dump() debugging line left in. Shown here as a plain
// function; in the driver it is a method and recurses via $this->escape_str().
function escape_str($str, $like = FALSE)
{
    var_dump($str);
    echo "\n";

    if (is_array($str))
    {
        foreach ($str as $key => $val)
        {
            $str[$key] = escape_str($val, $like);
        }
        return $str;
    }

    if (function_exists('mysql_real_escape_string'))
    {
        // The stock driver calls mysql_real_escape_string($str, $this->conn_id)
        // in this branch; the page's copy substitutes addslashes().
        $str = addslashes($str);
    }
    elseif (function_exists('mysql_escape_string'))
    {
        $str = mysql_escape_string($str);
    }
    else
    {
        $str = addslashes($str);
    }

    // escape LIKE condition wildcards
    if ($like === TRUE)
    {
        $str = str_replace(array('%', '_'), array('\\%', '\\_'), $str);
    }

    return $str;
}
The method just calls one of the escape functions and, for LIKE conditions, escapes the % and _ wildcards. It backslash-escapes quote characters; it does not add the quotes around the value.
So if the queried variable is not wrapped in quotes, escaping does not protect it:
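The unquoted case, as an added example that is not from the page. addslashes() stands in for the driver's escape_str() (the page's own copy of escape_str() uses addslashes() in the same way), and the payload is constructed for the demonstration. Because the payload contains no quote, backslash or NUL, escaping changes nothing; only the quotes around the value, or a cast, make a difference.

```php
<?php
// Added example, not CodeIgniter code. addslashes() stands in for escape_str():
// both only backslash-escape ' " \ and NUL; neither adds the surrounding quotes.
$id = "1 OR 1=1";   // constructed attacker-supplied id parameter (no quote in it)

// Escaped but unquoted: the payload has nothing to escape, so it is passed
// through verbatim and becomes part of the WHERE clause.
function unquoted($id)
{
    return "SELECT * FROM users WHERE id = " . addslashes($id);
}

// Escaped and quoted: the whole payload is now a string literal. A payload
// carrying a quote, such as 1' OR '1'='1, ends up as '1\' OR \'1\'=\'1'.
function quoted($id)
{
    return "SELECT * FROM users WHERE id = '" . addslashes($id) . "'";
}

// For a numeric column, casting removes the problem independently of quoting.
function cast($id)
{
    return "SELECT * FROM users WHERE id = " . (int) $id;
}

echo unquoted($id), "\n";
echo quoted($id), "\n";
echo cast($id), "\n";
```

Running it prints the three statements in turn: the first ends in WHERE id = 1 OR 1=1 and matches every row, the second ends in WHERE id = '1 OR 1=1', a string literal rather than SQL, and the third in WHERE id = 1. This is also why CI's escape() (which quotes and escapes) and query binding with ? are safer defaults than calling escape_str() by hand.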
0x02
The AR class's escaping does not consider the keys of an array either. Looking at the SQL injections in large CMSes, it is not uncommon to find vulnerabilities where the array $key values go straight into the SQL query without any filtering.
The output is:
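The array-key case, as an added example (not CodeIgniter's code): build_where() is a deliberately minimal model of the behaviour the text describes, an AR-style where(array) that escapes and quotes each value but concatenates the keys as-is. The attacker-controlled array is constructed for the demonstration; the column whitelist in the fix is a placeholder.

```php
<?php
// Added example, not CodeIgniter code: a minimal model of an AR-style
// where(array) that protects the values (escaped and quoted) but not the keys.
function build_where(array $conds)
{
    if (empty($conds)) {
        return '';
    }
    $parts = array();
    foreach ($conds as $key => $val) {
        // value: escaped and quoted (the part that is protected)
        // key:   concatenated verbatim (the part that is not)
        $parts[] = $key . " = '" . addslashes($val) . "'";
    }
    return 'WHERE ' . implode(' AND ', $parts);
}

// A CMS that does $this->db->where($this->input->post()) hands the attacker the
// keys. PHP turns spaces in parameter names into underscores, so the payload
// uses /**/ as whitespace and # to comment out the rest of the line.
$attacker_post = array('id/**/OR/**/1=1#' => 'x');   // constructed input

echo 'SELECT * FROM users ' . build_where($attacker_post), "\n";

// Fix: user data must never choose the column. Keep only keys that appear in
// an explicit whitelist of columns the query is allowed to filter on.
function build_where_whitelisted(array $conds, array $allowed_columns)
{
    $safe = array();
    foreach ($conds as $key => $val) {
        if (in_array($key, $allowed_columns, TRUE)) {
            $safe[$key] = $val;
        }
    }
    return build_where($safe);
}

echo 'SELECT * FROM users ' . build_where_whitelisted($attacker_post, array('id', 'email')), "\n";
echo 'SELECT * FROM users ' . build_where_whitelisted(array('id' => '7'), array('id', 'email')), "\n";
```

The first statement comes out as SELECT * FROM users WHERE id/**/OR/**/1=1# = 'x'; MySQL reads the empty comments as whitespace and drops everything after #, so the quoted value is never reached and every row matches. The whitelist drops the hostile key entirely (second line has no WHERE), while a legitimate id => '7' still produces WHERE id = '7'. The same rule applies to any place column names come from the request: ORDER BY fields, select lists and the keys passed to update() or insert().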
0x03
The CI framework is fast and lightweight, and you can use it without learning a separate template language. But a developer who does not thoroughly understand its security mechanisms will produce an endless stream of holes. The program dance CMS is a good example: it has been compromised over and over, the code is that bad, with SQL written directly in the Controller, never mind a Model.
SQL injection Vulnerability in CI framework