I'm trying to make sure that my code igniter query is safe from sql injection but I can't really find an example illustrating this or explaining if these parameters I'm using are escaped/bound.
$inputArray = [1,2,3,4,5];
$this->db_name->select('a_column');
$this->db_name->from('a_table');
foreach ($inputArray as $item) {
$this->db_name->or_where('id',$item);
}
$query = $this->db_name->get();
Most importantly, are all the items that I'm checking for as a matching id from my input array bound/escaped to protect from SQL injection? If not, how should I structure it in a query like this?
I don't really care for how I've structured this query any guidance on this would be appreciated. In fact I don't really like it at all but I need to make sure I'm using query building with code igniter in such a way that it will be easily switchable to a different database system if for whatever reason I wasn't using the one I'm using now (eg. mysql to oracle) - I also realize that a where clause that simple would probably never differ and is universal if I were to just put it in with regular SQL but I'm trying to learn best practices for CI when other scenarios come up and things might be more complicated or differ between database systems and syntax.
Any help is much appreciated! Thanks.
