CodeIgniter Forums
should i xss_clean the parameter in controller or in model?



should i xss_clean the parameter in controller or in model? - El Forum - 01-27-2010

searain
I have a controller which will take a string as the parameter value.

And this controller will load several models to handle this parameter value.

Where should I call xss_clean on this parameter value? If I xss_clean it in the controller, I just need to call it once, and then the xss_clean-checked value will pass to the models, and the models will not need to xss_clean it in each of them.

But in theory, some other controller would call these models too, and then, because these models do not xss_clean this parameter value, it would be a problem.

So I think the good practice is calling xss_clean in models.

In my case, I know these models would be called by this controller only. Should I still stick with the rule and call xss_clean in models? Or should I xss_clean in the controller?

Or should I call xss_clean in both the controller and the model?

What is your practice?

Thanks!


should i xss_clean the parameter in controller or in model? - El Forum - 01-27-2010

richthegeek
Just autoclean everything - config/config.php has it in there somewhere.