Closed
Description
_wh(), _where_in() and _like() do not filter on query fields. If the developer incorrectly receives the query fields from the client, it can lead to SQL injection.
Example: https://github.com/726232111/CodeIgniter3.1.13-SQL-Inject/blob/main/README.md
I'm not sure if this is assessed as a security issue.
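One way an application can keep client input out of the field position, shown as an added example that is not part of the original issue or of CodeIgniter: request keys are looked up in a fixed allow-list and only the mapped column name is passed on. The helper `build_filters()`, the `$allowed` map and the `users.*` columns are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not CodeIgniter code).
// Client input may choose only among fixed columns; client text never
// reaches the field argument of where(), where_in() or like().

function build_filters(array $input, array $allowed): array
{
    $filters = [];
    foreach ($input as $key => $value) {
        // Exact-match lookup: a key carrying an operator or extra SQL fails here.
        if (!is_string($key) || !isset($allowed[$key])) {
            throw new InvalidArgumentException('unknown filter field');
        }
        [$column, $method] = $allowed[$key];
        $values = ($method === 'where_in') ? $value : [$value];
        if (!is_array($values) || $values === []) {
            throw new InvalidArgumentException('bad value for ' . $key);
        }
        foreach ($values as $v) {
            if (!is_scalar($v)) {
                throw new InvalidArgumentException('bad value for ' . $key);
            }
        }
        $filters[] = [$method, $column, $value];
    }
    return $filters;
}

// Constructed allow-list: request key => [column, query builder method].
$allowed = [
    'status' => ['users.status', 'where'],
    'name'   => ['users.name', 'like'],
    'ids'    => ['users.id', 'where_in'],
];

// Constructed request data with known keys only.
foreach (build_filters(['status' => 'active', 'ids' => [1, 2]], $allowed) as [$method, $column, $value]) {
    // In a CodeIgniter 3 model this would be: $this->db->$method($column, $value);
    echo $method, ' ', $column, ' ', json_encode($value), "\n";
}

// Constructed request whose key has an operator appended: rejected.
try {
    build_filters(['status !=' => 'active'], $allowed);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```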