Site security
CodeIgniter Forums (https://forum.codeigniter.com), Archived General Discussion, Thread: Site security (/showthread.php?tid=22461)

Site security - El Forum - 09-10-2009
[eluser]richzilla[/eluser]
A security question: what's the best way to prevent users entering HTML into a database? I've been testing my new CodeIgniter app, and I can still enter HTML into my fields. Obviously this isn't an ideal situation; what ways are there around this?

Thanks

Site security - El Forum - 09-10-2009
[eluser]Wuushu[/eluser]
In the form validation, add the parameter "strip_tags". This will filter out HTML tags.

Site security - El Forum - 09-10-2009
[eluser]BrianDHall[/eluser]
The form validation classes really make this easier, as, so long as you read the manual section on that closely and commit it to memory and give a little extra thought to ratcheting down just what is or isn't supposed to be entered into a form field, you'll be just fine.

Form Validation Rule Reference

And of course they take any PHP native function that accepts one parameter - like strip_tags, or htmlentities, or chomp/trim, or sha1/md5, etc.
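
The rule chain suggested in the replies, as an added example that is not part of the original thread and not CodeIgniter's own code: it shows what `trim|strip_tags` stores for a few inputs and why the stored value is still encoded when it is printed. `apply_prep_rules()` and `e()` are hypothetical helpers, and the sample inputs are constructed.

```php
<?php
// Added example, not from the thread. apply_prep_rules() is a hypothetical
// stand-in for the way a pipe-separated rule string of one-parameter PHP
// functions is applied to a field, e.g. in a CodeIgniter controller:
//   $this->form_validation->set_rules('comment', 'Comment', 'trim|strip_tags');

function apply_prep_rules(string $value, string $rules): string
{
    foreach (explode('|', $rules) as $rule) {
        // Only run the native functions we expect as prepping rules.
        if (!in_array($rule, ['trim', 'strip_tags', 'htmlentities'], true)) {
            throw new InvalidArgumentException("Unsupported rule: $rule");
        }
        $value = $rule($value);
    }
    return $value;
}

// Encode at output time, for the HTML context the value is printed into.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    "  <b>Hello</b> <a href=\"#\">there</a>  ", // tags removed, text kept
    'Tom & Jerry say "hi"',                      // no tags: & and quotes survive
    'price<100 today',                           // broken tag: text after "<" is lost
];

foreach ($samples as $raw) {
    $stored = apply_prep_rules($raw, 'trim|strip_tags');
    printf("raw:    %s\nstored: %s\noutput: %s\n\n", $raw, $stored, e($stored));
}
```

The second sample passes through `strip_tags` unchanged, so the `&` and quote characters reach the database as typed and only become safe for HTML when `e()` encodes them on output.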