[CI4] Escaping ticket content message |
Hey guys, I am trying to create a ticketing system and I had a question here.
do I need to use escapeString() while using a model->save($entity)? if so, while using escapeString, after saving the TicketReply entity, the content message is something like this: PHP Code: test\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\n PHP Code: // this is actually my question, do I need to escape this field or CI does it for me? Thanks for taking the time.
> need to be sure user is not submitting malicious code like js or html etc.
escapeString() has nothing to do with them. https://codeigniter.com/user_guide/datab...ng-queries |
Welcome Guest, Not a member yet? Register Sign In |