douying2243 2017-03-10 11:30

How to prevent SQL injection in CodeIgniter?

My program failed the security scanning for SQL injection. The following is one of my functions to insert data into the DB. Please advise how I should modify my code to prevent SQL injection. Thanks in advance.

public function set_timeline() {
    $this->load->helper('url');
    $this->load->helper('form');
    $data = array(
        'fiid' => $this->input->post('fiid'),
        'project_id' => $this->input->post('project_id'),
        'testing' => $this->input->post('testing'),
        'start_date' => $this->input->post('start_date'),
        'end_date' => $this->input->post('end_date'),
        'description' => $this->input->post('description'),
        'project_progress' => $this->input->post('project_progress'),
        'tester' => $this->input->post('tester'),
        'status' => $this->input->post('status')
    );

    $this->db->insert('timeline',$data);

    if ($this->db->affected_rows() > 0) {
        echo '<script>alert("Timeline Added Successfully"); window.history.back(); </script>';
    }
    else {
        echo '<script>alert("Timeline already exist!"); window.history.back();</script>';
    }
}
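
An added example, not part of the original post: a CodeIgniter 3 version of the function that validates every field before inserting. Query Builder's `insert()` already escapes the values it receives, so the example adds input validation and shows bound parameters for raw queries. The validation rules, the allowed `status` values, the `Timeline` class name and the `find_by_project()` helper are assumptions for illustration.

```php
<?php
// Added example: assumes a CodeIgniter 3 controller with the database library loaded.
class Timeline extends CI_Controller {
    public function set_timeline() {
        $this->load->helper(array('url', 'form'));
        $this->load->library('form_validation');

        // Assumed column types and allowed values; adjust to the real `timeline` schema.
        $rules = array(
            'fiid'             => 'required|integer',
            'project_id'       => 'required|integer',
            'testing'          => 'required|max_length[255]',
            'start_date'       => 'required|regex_match[/^\d{4}-\d{2}-\d{2}$/]',
            'end_date'         => 'required|regex_match[/^\d{4}-\d{2}-\d{2}$/]',
            'description'      => 'max_length[2000]',
            'project_progress' => 'required|integer|greater_than_equal_to[0]|less_than_equal_to[100]',
            'tester'           => 'required|max_length[100]',
            'status'           => 'required|in_list[open,in_progress,closed]',
        );
        foreach ($rules as $field => $rule) {
            $this->form_validation->set_rules($field, $field, $rule);
        }
        if ($this->form_validation->run() === FALSE) {
            show_error(validation_errors(), 400); // stops here with HTTP 400
        }

        // Build the row only from validated fields; Query Builder escapes each value.
        $data = array();
        foreach (array_keys($rules) as $field) {
            $data[$field] = $this->input->post($field);
        }
        $this->db->insert('timeline', $data);

        $message = $this->db->affected_rows() > 0 ? 'Timeline Added Successfully' : 'Timeline already exist!';
        echo '<script>alert("' . $message . '"); window.history.back();</script>';
    }

    // Unsafe pattern a scanner looks for: POST data concatenated into the SQL string, e.g.
    //   $this->db->query("SELECT * FROM timeline WHERE project_id = " . $this->input->post('project_id'));
    // Safe form of a raw query (hypothetical helper): bind the value with a ? placeholder.
    private function find_by_project($project_id) {
        $sql = 'SELECT * FROM timeline WHERE project_id = ?';
        return $this->db->query($sql, array((int) $project_id))->result();
    }
}
```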