haykuro/gist:5505173

## gistfile1.php
<?php
  // in response to: http://www.reddit.com/r/PHP/comments/1dknt8/is_there_any_vulnerabilities_in_this_method_ci/

  # Option 1 - Use CodeIgniter's built in DB sanitization.
  $user_id = $this->db->escape($this->input->post('user_id'));
  $query = $this->db->query("SELECT name FROM users WHERE user_id = ?", array($user_id));

  # Option 2 - user_id will ALWAYS be an integer, force it. Any strings will return 0, which is safe to pass.
  $user_id = (int)$this->input->post('user_id');
  $query = $this->db->query("SELECT name FROM users WHERE user_id = ?", array($user_id));
	<?php
	// in response to: http://www.reddit.com/r/PHP/comments/1dknt8/is_there_any_vulnerabilities_in_this_method_ci/

	# Option 1 - Use CodeIgniter's built in DB sanitization.
	$user_id = $this->db->escape($this->input->post('user_id'));
	$query = $this->db->query("SELECT name FROM users WHERE user_id = ?", array($user_id));

	# Option 2 - user_id will ALWAYS be an integer, force it. Any strings will return 0, which is safe to pass.
	$user_id = (int)$this->input->post('user_id');
	$query = $this->db->query("SELECT name FROM users WHERE user_id = ?", array($user_id));