Questions about xss_clean - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=22)
+--- Thread: Questions about xss_clean (/showthread.php?tid=44133)
Questions about xss_clean - El Forum - 08-04-2011 - Kenny

Hello, I used to use mysql_real_escape_string() to escape input strings in my MySQL queries. Since I have problems using this function with <textarea>s (because it is escaping new lines and shows \n\r even if my global XSS filtering is set to false), I'd like to use the xss_clean function. But I'd like to know what xss_clean() really does, because I tried to echo some xss_cleaned strings and it doesn't seem to do anything. Is that normal? Do I have to use it like this: load the security library first and then $this->security->xss_clean($str)?

Thank you.

Questions about xss_clean - El Forum - 08-04-2011 - MiniGod

mysql_real_escape_string() is not for XSS. Anyway, try using one of these (look at the user guide: http://ellislab.com/codeigniter/user-guide/database/queries.html):

Code:
    $this->db->escape();

Questions about xss_clean - El Forum - 08-05-2011 - Kenny

It seems to work pretty well. Do you advise me to replace all mysql_real_escape_string() calls with $this->db->escape()? And by the way, is there a clean solution to convert \n to new lines in textareas?

Thanks!
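The thread runs two separate jobs together: escaping for SQL (what mysql_real_escape_string() and $this->db->escape() do) and neutralising HTML for the browser (what output escaping or an XSS filter does). The following is an added example, not code from the thread or from CodeIgniter; it uses plain PHP with PDO and an in-memory SQLite database so it runs on its own. The table name, the sample textarea submission and the mysql_escape_like() helper (a stand-in that mimics how a MySQL escaper turns newlines into the two characters backslash-n) are all constructed for the example. It shows why a stored value can end up containing a literal \n (the value was escaped by hand and then also passed as a bound parameter, so the backslashes were stored as data) and where XSS protection belongs (at output time, in the HTML context).

```php
<?php
// Added example (not from the thread or from CodeIgniter). Separates SQL
// escaping from HTML escaping and reproduces the "\n stored in the row" symptom.
declare(strict_types=1);

// Stand-in for a MySQL string escaper such as mysql_real_escape_string():
// it escapes quotes, backslashes, NUL and newlines. Constructed for this example.
function mysql_escape_like(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
    ]);
}

// HTML escaping for a <textarea>: neutralises tags and quotes, leaves real
// newlines alone, which the browser renders as line breaks.
function textarea(string $body): string
{
    return '<textarea name="body">'
        . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</textarea>';
}

function demo(): array
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

    // Constructed textarea submission: CRLF newlines, a quote and a script tag.
    $submitted = "line one\r\nline two with a ' quote\r\n<script>alert(1)</script>";

    $insert = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');

    // 1. Correct: bind the raw value. It never becomes part of the SQL text,
    //    so the quote cannot break the query and the newline is stored as a
    //    real newline. (In CodeIgniter: query bindings, or $this->db->escape()
    //    exactly once when building the SQL string yourself.)
    $insert->execute([':body' => $submitted]);

    // 2. The symptom from the thread: escaping the value by hand AND binding it
    //    (or letting the framework escape it a second time). The backslashes are
    //    now data, so the row literally contains \r\n.
    $insert->execute([':body' => mysql_escape_like($submitted)]);

    $rows = $pdo->query('SELECT body FROM posts ORDER BY id')
                ->fetchAll(PDO::FETCH_COLUMN);

    return [
        'stored_raw'            => $rows[0] === $submitted,            // true
        'stored_double_escaped' => strpos($rows[1], '\\r\\n') !== false, // true
        'rendered_raw'          => textarea($rows[0]),
        'rendered_double'       => textarea($rows[1]),
    ];
}

$result = demo();
var_dump($result['stored_raw'], $result['stored_double_escaped']);
echo $result['rendered_raw'], PHP_EOL;    // real line breaks, no live <script>
echo $result['rendered_double'], PHP_EOL; // shows literal \r\n, as in the thread
```

The fix for the textarea complaint is therefore not xss_clean(): store the value unmodified through bindings or a single escape, and escape for HTML when rendering. xss_clean() is a filter that rewrites dangerous HTML constructs; on plain text with nothing to strip it returns the input unchanged, which is why echoing its result looked like it did nothing.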