[CI4] Escaping ticket content message - Printable Version

CodeIgniter Forums (https://forum.codeigniter.com)
Thread: [CI4] Escaping ticket content message (/showthread.php?tid=78252)

[CI4] Escaping ticket content message - Awlikhaleghi - 12-22-2020

Hey guys,

I am trying to create a ticketing system and I had a question here. Do I need to use escapeString() while using a model->save($entity)?

If so, while using escapeString, after saving the TicketReply entity, the content message is something like this:

PHP Code:
test\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\n

PHP Code:
// this is actually my question, do I need to escape this field or CI does it for me?

Thanks for taking the time.

RE: [CI4] Escaping ticket content message - kenjis - 12-25-2020

> need to be sure user is not submitting malicious code like js or html etc.

escapeString() has nothing to do with them.

https://codeigniter.com/user_guide/database/queries.html#escaping-queries
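
Added example (not code from the thread or from CodeIgniter): it shows why a manual escapeString() on top of a save path that already escapes or binds the value stores literal \r\n, and why neither step deals with HTML or JS. It assumes PHP 8 with PDO SQLite; mysqlStyleEscape(), storeAndLoad() and the ticket_replies table are hypothetical stand-ins, and htmlspecialchars() stands in for output escaping in the view (CI4's esc() helper).

```php
<?php
// Added example, not code from the thread. Plain PHP + PDO SQLite stand in for
// the CI4 model; mysqlStyleEscape() is a hypothetical stand-in for what a
// MySQL-style escapeString() does to a value.
declare(strict_types=1);

function mysqlStyleEscape(string $s): string
{
    // Backslash-escape the characters that are special inside a MySQL string literal.
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

function storeAndLoad(PDO $db, string $content): string
{
    // Bound parameter: the driver keeps the value out of the SQL text,
    // so it is stored byte for byte.
    $db->prepare('INSERT INTO ticket_replies (content) VALUES (?)')->execute([$content]);
    $id = (int) $db->lastInsertId();
    $stmt = $db->prepare('SELECT content FROM ticket_replies WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ticket_replies (id INTEGER PRIMARY KEY, content TEXT)');

// Constructed sample reply: two lines plus markup a ticket author might paste.
$submitted = "test\r\n<script>alert(1)</script>";

$once  = storeAndLoad($db, $submitted);                    // save path handles the value once
$twice = storeAndLoad($db, mysqlStyleEscape($submitted));  // manual escape on top of that

var_dump($once === $submitted);          // did the value round-trip unchanged?
var_dump(str_contains($twice, '\r\n'));  // are literal backslash sequences now stored?

// Neither write touched the markup: SQL escaping is not HTML escaping.
var_dump(str_contains($once, '<script>'));

// Escaping at output time is what neutralises the markup when the reply is rendered.
echo htmlspecialchars($once, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
```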