Form validation
#1

Hello,

I'm doing a form validation in CodeIgniter like the following:
$this->form_validation->set_rules('first_name', 'First Name', 'trim|xss_clean|required');

If I insert in my field the word "<script>", the xss_clean is removing the word "<script>" and the field becomes empty; the required validation is bypassed, the empty entry is accepted, and it can be inserted in my database.

Could you please help me with this.
Thanks
#2

Apply xss_clean() on output, not before you store it.
#3

(03-06-2017, 10:43 AM)Narf Wrote: Apply xss_clean() on output, not before you store it.

Hi Narf, thanks for replying. I just want to make sure I understand correctly. Here is the situation:
If I do it this way
$this->form_validation->set_rules('first_name', 'First Name', 'required');

If someone puts <script>, required will be OK.
Then if I apply the xss clean after that, or let's say I move the post data to a variable and apply xss clean on it,
the variable will become empty since xss clean will remove the <script>, and required will never detect it again.
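The two orderings discussed in this thread, as an added plain-PHP example (not CodeIgniter's own code): xss_clean() is replaced by a constructed stand-in, stripScriptTags(), that only removes script tags, and the 'required' rule by passesRequired(). Cleaning first turns '<script>' into an empty string before the required check and before storage; validating the raw input, storing it unchanged and escaping at output keeps the data and renders the tag as harmless literal text.

```php
<?php
// Added example, not CodeIgniter code: models the two orderings from the thread.
// stripScriptTags() is a constructed stand-in for xss_clean() and only removes
// <script> tags; CI's real filter does far more, but this suffices to show the
// field arriving empty. passesRequired() mirrors the idea of the 'required' rule.

function stripScriptTags(string $value): string
{
    // Drop opening and closing <script ...> tags, case-insensitively.
    return preg_replace('#</?script\b[^>]*>#i', '', $value);
}

function passesRequired(string $value): bool
{
    // Non-empty after trimming whitespace.
    return trim($value) !== '';
}

// Ordering from the first post: clean first, then validate. '<script>' is
// already '' when the required check runs, and '' is what would be stored.
function cleanThenValidate(string $input): array
{
    $cleaned = stripScriptTags($input);
    return ['required_ok' => passesRequired($cleaned), 'stored' => $cleaned];
}

// Ordering Narf suggests: validate the raw input, store it unchanged, and
// escape only when rendering. Nothing the user typed is lost.
function validateThenStore(string $input): array
{
    if (!passesRequired($input)) {
        return ['required_ok' => false, 'stored' => null];
    }
    return ['required_ok' => true, 'stored' => $input];
}

function renderForHtml(string $stored): string
{
    // Output escaping for an HTML body context; CI's html_escape() wraps the same call.
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$input = '<script>'; // constructed sample input, taken from the thread
$a = cleanThenValidate($input);
$b = validateThenStore($input);

printf("clean-then-validate: required_ok=%s stored=%s\n",
    var_export($a['required_ok'], true), var_export($a['stored'], true));
printf("validate-then-store: required_ok=%s stored=%s rendered=%s\n",
    var_export($b['required_ok'], true), var_export($b['stored'], true), renderForHtml($b['stored']));
```

The escaping in renderForHtml() is specific to an HTML body context; a value placed into a JavaScript block, an attribute or a URL needs the escaping rules of that context instead.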