Safe data from database - Printable Version
CodeIgniter Forums (https://forum.codeigniter.com)
Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
Thread: Safe data from database (/showthread.php?tid=18899)
Safe data from database - El Forum - 05-21-2009
[eluser]Jagar[/eluser]
Is there any way to return safe data from the database in CI? I tried to insert something with quotes; it does insert properly using the mysql_real_escape_string function, but when getting it back, the form does not display properly. Thanks

Safe data from database - El Forum - 05-21-2009
[eluser]janogarcia[/eluser]
Hi, have you tried using the Form helper to generate your form fields, or alternatively the form_prep() function?

Safe data from database - El Forum - 05-21-2009
[eluser]Thorpe Obazee[/eluser]
[quote author="Jagar" date="1242948503"]Is there any way to return safe data from the database in CI? I tried to insert something with quotes; it does insert properly using the mysql_real_escape_string function, but when getting it back, the form does not display properly. Thanks[/quote]
How does it 'not display properly'?

Safe data from database - El Forum - 05-21-2009
[eluser]Jagar[/eluser]
The site is on an intranet, and not many people will be using it, but there are stupid people who will mess with it and will do anything to crash it. I have a form (not using the form helper); it adds certain data, so I was inserting the weirdest strings I could think of, such as
Code: [removed]
Thanks!

Safe data from database - El Forum - 05-21-2009
[eluser]Jagar[/eluser]
I didn't know it would remove JavaScript; what I had is JavaScript tags with no closing double quote.

Safe data from database - El Forum - 05-21-2009
[eluser]Jagar[/eluser]
I will try form_prep and see how it goes.

Safe data from database - El Forum - 05-21-2009
[eluser]Tom Schlick[/eluser]
Google HTMLPurifier; it has a lot of options for escaping things and replacing them with entities. It can easily be dropped in as a CI library.

Safe data from database - El Forum - 05-22-2009
[eluser]Jagar[/eluser]
About form_prep: if I apply form_prep on results coming from the database, and then load them into the form, for editing for example, is it going to change it back to normal HTML, or will it be saved as what form_prep had changed it to?
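As an added example that is not part of the thread, the following PHP shows why a value that was escaped for SQL with mysql_real_escape_string() can still break the form when echoed back into a value attribute, and how attribute escaping (approximated here with htmlspecialchars(), which CodeIgniter's form_prep() builds on) keeps the field intact and round-trips the original text. The sample value and the function names are constructed for this demonstration.

```php
<?php
// Added example (not from the thread): SQL escaping and HTML escaping are
// different jobs. mysql_real_escape_string() protected the INSERT, but the
// stored string still holds raw quotes and angle brackets, which break an
// HTML attribute on output. CodeIgniter is not loaded here; form_prep() is
// approximated with htmlspecialchars(), which it relies on.

// Constructed sample value as it would come back from the database.
$fromDb = 'O\'Reilly says "hi" <b>bold</b>';

// Approximation of form_prep(): escape the value for an HTML attribute.
function escape_for_attribute(string $value): string
{
    // ENT_QUOTES converts both ' and " so the value can sit inside either
    // kind of attribute delimiter without terminating it early.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Unsafe: the raw string is dropped into the attribute. The first " ends
// the attribute and the remainder is parsed as markup by the browser.
function render_unsafe(string $value): string
{
    return '<input type="text" name="title" value="' . $value . '">';
}

// Safe: quotes and angle brackets become entities, so the attribute closes
// exactly where the template closes it.
function render_safe(string $value): string
{
    return '<input type="text" name="title" value="' . escape_for_attribute($value) . '">';
}

echo "Unsafe markup:\n" . render_unsafe($fromDb) . "\n\n";
echo "Safe markup:\n" . render_safe($fromDb) . "\n\n";

// What the browser does with the safe markup: it decodes the entities when
// it fills the field, so the user sees and resubmits the original text.
// The entity form is only ever in the rendered HTML, never in what is
// posted back, so it is not what ends up saved to the database.
$seenByUser = html_entity_decode(escape_for_attribute($fromDb), ENT_QUOTES, 'UTF-8');
echo "Round trip intact: " . var_export($seenByUser === $fromDb, true) . "\n";
```

Run it with the PHP CLI; CodeIgniter is not required. Escaping belongs at the point of output, so the raw value stays in the database and is escaped every time it is rendered.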