Hey guys, I am trying to create a ticketing system and I had a question here.
Do I need to use escapeString() while using a model->save($entity)?
If so, while using escapeString, after saving the TicketReply entity, the content message is something like this:
PHP Code:
test\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\n
But I just need to be sure the user is not submitting malicious code like JS or HTML, etc.
PHP Code:
// this is actually my question, do I need to escape this field or CI does it for me?
$reply = $tickets->escapeString($this->request->getPost("reply_message"));
// Creating
$replyMessage = new TicketReply;
$replyMessage->ticket_id = $ticket->id;
$replyMessage->user_id = $this->user->id;
$replyMessage->message = $reply;
// insert new reply message ?
if (model("TicketReplyModel")->save($replyMessage))
{
    // redirect with success message
}
else
{
    // failed to save replied message ...
}
Thanks for taking the time.
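An added example (not part of the original post, and plain PHP rather than CodeIgniter code) showing why the saved message contains literal `\r\n`: text escaped by hand and then stored through a layer that already escapes or binds values keeps the backslash sequences as data, while HTML/JS is neutralised when the message is rendered. Assumptions: `mysqlStyleEscape()` is a hypothetical stand-in for `escapeString()`, the PDO prepared statement stands in for `save()`, `htmlspecialchars()` stands in for CodeIgniter's `esc()`, and the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for escapeString(): MySQL-style escaping that turns
// control characters and quotes into backslash sequences.
function mysqlStyleEscape(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Stand-in for Model::save(): the value travels as a bound parameter,
// so the database layer already keeps it out of the SQL text.
function saveAndReload(PDO $db, string $message): string
{
    $db->prepare('INSERT INTO ticket_replies (message) VALUES (?)')->execute([$message]);
    $id = (int) $db->lastInsertId();
    $stmt = $db->prepare('SELECT message FROM ticket_replies WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ticket_replies (id INTEGER PRIMARY KEY, message TEXT)');

// Constructed sample input: two lines plus markup a user might submit.
$posted = "test\r\nIt's <script>alert(1)</script>";

// Escaped by hand and then bound: the backslash sequences are stored as data.
$twice = saveAndReload($db, mysqlStyleEscape($posted));
// Bound only: the row holds the text exactly as it was submitted.
$once = saveAndReload($db, $posted);

var_dump($twice === $posted); // does the hand-escaped row match the input?
var_dump($once === $posted);  // does the bound-only row match the input?
echo $twice, PHP_EOL;         // the hand-escaped row as it comes back

// SQL escaping does nothing about HTML/JS; encode for the HTML context
// at the point where the message is rendered.
echo nl2br(htmlspecialchars($once, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')), PHP_EOL;
```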