php mysql codeigniter sql-injection

"Use PDO" in MySQL Table. Is this a hack?


OK, it may sound ridiculous, but this is what happened:

  • I've set up a site, fully working, on CodeIgniter
  • The site is obviously db-driven, with users tables (and many more) in it
  • Today, I've logged in, and in the place of "Name"... instead of the username, I'm seeing "Use PDO" (I've also checked the db table, from phpMyAdmin, and the specific field seems to have been altered :S).

And I'm thinking: "Somebody has hacked the site". Something like a bad (though educational) joke, maybe?

Am I right? (I feel a bit stupid asking that, but whatever...)

If so, what should I do to prevent such a thing from happening in the future?


Hint: ALL my DB access is done using CodeIgniter's db function, so I suppose everything should have been properly escaped. Any ideas?


Solution

  • The issue has been resolved, thanks to @raina77ow.

    The DB access had been in really bad shape, and the (quasi-obvious) solution was to start using prepared statements and query bindings.


    Reference: http://codeigniter.com/user_guide/database/queries.html
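
The difference between a concatenated query and a bound one, as an added example that is not part of the original post or the site's code. The `users` table, the `city` field and the input value are constructed for illustration, and the script assumes PHP with the `pdo_sqlite` extension so it can run against an in-memory database.

```php
<?php
// Added example: constructed schema and input, in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Recreate a small users table so both variants start from the same state.
function resetUsers(PDO $pdo): void
{
    $pdo->exec('DROP TABLE IF EXISTS users');
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, city TEXT)');
    $pdo->exec("INSERT INTO users (id, name, city)
                VALUES (1, 'alice', 'Athens'), (2, 'bob', 'Berlin')");
}

// Return id, name and city for every row, for comparison after each update.
function dumpUsers(PDO $pdo): array
{
    return $pdo->query('SELECT id, name, city FROM users ORDER BY id')
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed value submitted for the (hypothetical) "city" profile field.
$city = "x', name = 'Use PDO";
$id   = 1;

// Before: the value is pasted into the SQL text. The quote inside $city
// closes the string literal, so the remainder is parsed as SQL and the
// statement also assigns the name column of that row.
resetUsers($pdo);
$pdo->exec("UPDATE users SET city = '" . $city . "' WHERE id = " . (int) $id);
echo "concatenated:\n";
print_r(dumpUsers($pdo));

// After: the SQL text is fixed and the values travel separately as bound
// parameters, so the whole input is stored in city and name is untouched.
resetUsers($pdo);
$stmt = $pdo->prepare('UPDATE users SET city = ? WHERE id = ?');
$stmt->execute([$city, $id]);
echo "bound:\n";
print_r(dumpUsers($pdo));

// CodeIgniter's query bindings (the page linked above) take the same shape:
//   $this->db->query('UPDATE users SET city = ? WHERE id = ?', array($city, $id));
```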