Query Bindings - Escape - Injection
Posted: 03 October 2012 12:48 PM
Joined: 2012-09-27
8 posts

Hello,

After testing a site, I found there are vulnerable parameters in MySQL.

I tried using $this->db->escape on inputs that come from the URL, but it does not display my HTML/JavaScript.

How would I prevent injection in such a case?

Would I use mysql_real_escape_string?

Thanks