CodeIgniter Forums

Full Version: Content failing to insert because of special characters
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

[eluser]-sek[/eluser]
Does anyone know why when a special character like the one MS Word substitutes for 1/4 is posted from my form and an attempt is made to insert into the database, the entire content fails to insert?

I have XSS checking turned off on this field even though I understand it should not delete content, but replace the offending character. Is there something in CI sanitizing this? Or should I look elsewhere in my code?

I did some further testing and discovered the text is being removed by the XSS checking on $this->input->post(), so at least I know why the text is vanishing. I just don't know why the text comes back empty from XSS scrubbing instead of just removing the offending character.

Thanks

El Forum

[eluser]stef25[/eluser]
i tried out some xss attacks and some stuff does get filtered out completely so i guess what you are seeing is normal.

more at http://ha.ckers.org/xss.html and a good xss filter which you can use as a plugin

http://quickwired.com/smallprojects/php_...nction.php