CodeIgniter Forums

Full Version: What validation rules do you use by default?

El Forum

[eluser]gon[/eluser]
Hi,

I've been using xss_clean when validating all fields in my apps.
Is it worth using xss_clean always, or just when showing that data to the user, or inserting data into DB?

What validation rules do you use by default, if you do?

Cheers.

El Forum

[eluser]Pascal Kriete[/eluser]
Any type of pruning function should be done when inserting. xss_clean can be computationally expensive - and users are much more forgiving of slow load times if they just submitted a form. Inserts also tend to happen less frequently.

I usually just set the global xss_clean flag to true. The other validation rules depend on the situation, the only one that is always there is trim.

El Forum

[eluser]Chicken's Egg[/eluser]
Trim and xss_clean are the ones I use the most (nearly always). The others when needed.

El Forum

[eluser]onejaguar[/eluser]
Be careful using xss_clean on everything; for instance it can cause problems with people's passwords, see:

http://ellislab.com/forums/viewthread/80858/

At the bottom of the thread you can also read my feelings on xss_clean being overzealous and unnecessary when using other simpler forms of validation (e.g. ctype_digit) or more complex ones like HTML validation.
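
Added example, not part of the thread and not CodeIgniter's own code: plain PHP illustrating the per-field approach raised in the last post, where a digits-only field is checked with ctype_digit, the password is left unfiltered, and free text is escaped at output. The field names, the 8-character minimum and the sample input are assumptions made for the illustration.

```php
<?php
// Added example: field names, the length limit and sample values are constructed.
function validate_signup(array $in): array
{
    $errors = [];
    $clean  = [];

    // Digits-only field: ctype_digit() accepts only a non-empty string of 0-9,
    // so no markup can pass and no XSS filter is needed.
    $age = trim($in['age'] ?? '');
    if (ctype_digit($age)) {
        $clean['age'] = (int) $age;
    } else {
        $errors['age'] = 'Age must contain digits only.';
    }

    // Password: not trimmed or filtered. It is hashed and never displayed,
    // so every character is kept exactly as typed.
    $password = $in['password'] ?? '';
    if (strlen($password) >= 8) {
        $clean['password_hash'] = password_hash($password, PASSWORD_DEFAULT);
    } else {
        $errors['password'] = 'Password must be at least 8 characters.';
    }

    // Free text: stored as submitted (trimmed), escaped when rendered.
    $clean['comment'] = trim($in['comment'] ?? '');

    return [$clean, $errors];
}

// Output-time escaping for an HTML body context.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submission.
$post = [
    'age'      => '34',
    'password' => 'p<ss&"word%3C1',
    'comment'  => ' <b>hi</b> <script>alert(1)</script> ',
];

[$clean, $errors] = validate_signup($post);
var_dump($errors);
var_dump(password_verify($post['password'], $clean['password_hash']));
echo e($clean['comment']), "\n";
```

Because the password is hashed from the raw input, the same raw input must be passed to password_verify at login; filtering it on one path and not the other is what locks users out.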