[CI4] Escaping ticket content message

#1
Question 
Hey guys, I am trying to create a ticketing system and I had a question here.
Do I need to use escapeString() while using a model->save($entity)?
If so, while using escapeString, after saving the TicketReply entity, the content message is something like this:
PHP Code:
test\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\
But I just need to be sure the user is not submitting malicious code like JS or HTML, etc.

PHP Code:
// this is actually my question, do I need to escape this field or CI does it for me?
$reply = $tickets->escapeString($this->request->getPost("reply_message"));
// Creating the reply entity
$replyMessage = new TicketReply;
$replyMessage->ticket_id = $ticket->id;
$replyMessage->user_id = $this->user->id;
$replyMessage->message = $reply;

// insert new reply message ?
if (model("TicketReplyModel")->save($replyMessage))
{
    // redirect with success message
}
else
{
    // failed to save replied message ...
}

Thanks for taking the time.
Reply

#2
> need to be sure user is not submitting malicious code like js or html etc.

escapeString() has nothing to do with them.

https://codeigniter.com/user_guide/datab...ng-queries
Reply
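An added example, not code from either poster or from CodeIgniter: plain PHP showing that the literal `\r\n` in the question comes from escaping a value by hand before a save path that already handles escaping, that SQL escaping leaves markup untouched, and that HTML is neutralised at output time instead. Assumptions: PDO with an in-memory SQLite database stands in for `Model::save()` (CI4's Query Builder escapes values itself), `sqlEscape()` is a hypothetical stand-in for a MySQL-style `escapeString()`, and the table and sample input are constructed.

```php
<?php
// Hypothetical stand-in for a MySQL-style escapeString(): it only makes a
// value safe to place inside a quoted SQL literal. It knows nothing about HTML.
function sqlEscape(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Stand-in for Model::save(): the value travels as a bound parameter,
// so the database layer keeps data and SQL apart without manual escaping.
function storeAndLoad(PDO $db, string $message): string
{
    $stmt = $db->prepare('INSERT INTO ticket_replies (message) VALUES (:m)');
    $stmt->execute([':m' => $message]);
    $id = (int) $db->lastInsertId();
    return $db->query("SELECT message FROM ticket_replies WHERE id = $id")
              ->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ticket_replies (id INTEGER PRIMARY KEY, message TEXT)');

// Constructed sample input: a multi-line reply that carries markup.
$posted = "test\r\ntest <script>alert(1)</script> it's";

// Path 1: escaped by hand first, then saved (the code in the question).
$double = storeAndLoad($db, sqlEscape($posted));
// Path 2: the raw posted value saved as-is.
$clean = storeAndLoad($db, $posted);

// Compare what came back from the database with what was posted.
var_dump($double === $posted);
var_dump(strpos($double, '<script>') !== false);
var_dump($clean === $posted);

// Escape for the HTML context when rendering the ticket; in a CI4 view
// the framework's esc() function plays this role.
echo htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
```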

