should i xss_clean the parameter in controller or in model? - Printable Version
CodeIgniter Forums (https://forum.codeigniter.com)
Thread: should i xss_clean the parameter in controller or in model? (/showthread.php?tid=26953)
should i xss_clean the parameter in controller or in model? - El Forum - 01-27-2010

[eluser]searain[/eluser]
I have a controller which will take a string as the parameter value. And this controller will load several models to handle this parameter value.

Where should I call xss_clean on this parameter value?

If I xss_clean it in the controller, I just need to call it once, and then the xss_clean-checked value will be passed to the models, and the models will not need to xss_clean it in each of them.

But in theory, some other controller would call these models too, and then, because these models do not xss_clean this parameter value, it would be a problem. So I think the good practice is calling xss_clean in models.

In my case, I know these models would be called by this controller only. Should I still stick with the rule and call xss_clean in models? Or should I xss_clean in the controller? Or should I call xss_clean in both the controller and the model?

What is your practice?

Thanks!

should i xss_clean the parameter in controller or in model? - El Forum - 01-27-2010

[eluser]richthegeek[/eluser]
Just autoclean everything - config/config.php has it in there somewhere.