CodeIgniter 3.1.0 addressed a critical security issue within the ODBC database driver. This update includes crucial fixes to mitigate a SQL injection vulnerability, preventing potential exploitation by attackers. It is noteworthy that these fixes render the query builder and escape() functions incompatible with the ODBC driver. However, the update introduces actual query binding as a more secure alternative.

References

• simplysites/CodeIgniter@3d10ffa
• https://forum.codeigniter.com/thread-65803.html
• https://github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter/framework/2016-07-26-1.yaml