Note: My question is not a duplicate of "Does CodeIgniter automatically prevent SQL injection?" or "how to avoid sql injection in codeigniter", because those asked about the query() function. I am asking about functions like insert(), update(), where(), order_by().
I am asking whether the following types of queries also automatically prevent SQL injection.
01.

    $data = array(
        'title' => $title,
        'name' => $name,
        'date' => $date
    );
    $this->db->where('school', $school);
    $this->db->update('mytable', $data);

02.

    $this->db->select('*');
    $this->db->from('table_name');
    $this->db->where('pro_name', $pro_name);
    $this->db->order_by($pro_type, 'desc');
    $query = $this->db->get();
    return $query->result_array();

Assume that all variables are GET or POST values.
CodeIgniter's Active Record methods (https://www.codeigniter.com/userguide2/database/active_record.html) automatically escape queries for you, to prevent injection.
You may find the answer here: https://stackoverflow.com/a/5857481/4895810
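
An added example, not part of the question or the answer and not CodeIgniter's own code: in query 02 the request value passed to order_by() is a column name rather than a data value, so a common defensive step is to accept it only if it matches a fixed list before it reaches the query builder. The helper names and the contents of ALLOWED_SORT_COLUMNS are assumptions for illustration; pro_name and pro_type are taken from the question.

```php
<?php
// Added example: allowlist for a request-supplied sort column and direction.
// ALLOWED_SORT_COLUMNS is an assumption; list the real sortable columns of your table.
const ALLOWED_SORT_COLUMNS = ['pro_name', 'pro_type'];

// Hypothetical helper: return $input only if it is exactly one of the allowed
// column names, otherwise fall back to a known-good default.
function pick_sort_column($input, array $allowed, string $default): string
{
    // is_string() rejects arrays such as ?pro_type[]=x; the strict in_array()
    // means no type juggling and no partial or case-insensitive matches.
    if (is_string($input) && in_array($input, $allowed, true)) {
        return $input;
    }
    return $default;
}

// Hypothetical helper: the direction can only ever be 'asc' or 'desc'.
function pick_sort_direction($input): string
{
    return (is_string($input) && strtolower($input) === 'asc') ? 'asc' : 'desc';
}

// Inside a CodeIgniter model, query 02 from the question would then read:
//   $column = pick_sort_column($this->input->get('pro_type'), ALLOWED_SORT_COLUMNS, 'pro_name');
//   $dir    = pick_sort_direction($this->input->get('dir'));   // 'dir' is a hypothetical parameter
//   $this->db->select('*');
//   $this->db->from('table_name');
//   $this->db->where('pro_name', $pro_name);   // a value: handled by the query builder's escaping
//   $this->db->order_by($column, $dir);        // an identifier: now one of a fixed set
//   return $this->db->get()->result_array();

// Constructed sample inputs showing what the helpers accept and reject.
$samples = ['pro_type', 'PRO_TYPE', 'pro_type, other', 'no_such_column', ['pro_type'], null];
foreach ($samples as $sample) {
    printf(
        "%-20s => %s\n",
        json_encode($sample),
        pick_sort_column($sample, ALLOWED_SORT_COLUMNS, 'pro_name')
    );
}
printf("%-20s => %s\n", '"ASC"', pick_sort_direction('ASC'));
printf("%-20s => %s\n", '"sideways"', pick_sort_direction('sideways'));
```

Only the first sample passes through unchanged; every other value falls back to the default column, so the string handed to order_by() never originates from the request.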