One thing in the security of codeigniter is checking if the uri is a number or something that we expect! Here is the code:

$this->load->helper('form');
    $this->load->library('pagination');
    $config['permitted_uri_chars'] = '0-9'; 
    $config['base_url'] = '/member/index';
    $config['per_page'] = 5;
    $config['num_links'] = 10;
    $query_not_voted_rows = "SELECT p_id FROM photos WHERE p_id NOT IN (SELECT distinct p_id FROM p_votes where u_id = ".$this->session->userdata('u_id').")";
    $config['total_rows'] = $this->db->query($query_not_voted_rows)->num_rows();
    $config['full_tag_open'] = '<div id="pagination">';
    $config['full_tag_close'] = '</div>';
    $this->pagination->initialize($config);

    if($this->uri->segment(3) == '')
    {
        $segment_url = 0;
    }else{
        $segment_url = $this->uri->segment(3);
    }
    $query_not_voted = "SELECT * FROM photos WHERE p_id NOT IN (SELECT distinct p_id FROM p_votes where u_id = ".$this->session->userdata('u_id').") LIMIT ".$segment_url.", ".$config['per_page'];

Ama şimdi birileri uri segmentinde girerse: "kdkdkdd", daha sonra sql tatili, $segment_url kdkdkdd ve sayı değil çünkü!

Böylece soru bu kaçmak için nasıl, nedir?