CodeIgniter 4 - Insert HTML from CKEditor to Database? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: CodeIgniter 4 - Insert HTML from CKEditor to Database? (/showthread.php?tid=77962)
CodeIgniter 4 - Insert HTML from CKEditor to Database? - crazze - 11-11-2020

Hello. Currently I'm working on a small CMS portal, and now I'm working on the function for writing & reading articles using a Model. To write articles I want to use CKEditor (or similar) - the editor creates a result with HTML tags, so how do I secure the result from the editor before inserting it into the database? Or is the auto security from CI in the model enough? Best regards.

RE: CodeIgniter 4 - Insert HTML from CKEditor to Database? - InsiteFX - 11-11-2020

Run your code through one of these: htmlspecialchars or htmlentities. Also use the CI esc() method.

RE: CodeIgniter 4 - Insert HTML from CKEditor to Database? - crazze - 11-11-2020

(11-11-2020, 07:42 AM)InsiteFX Wrote: Run your code through one of these htmlspecialchars or htmlentities also use CI esc() method.

Thank you for your reply. Does the model automatically escape_string before inserting into the DB? The functions htmlspecialchars / htmlentities or esc() are output functions, so I don't need to secure the CKEditor output before inserting it into the db? (I mean SQL Injection - the functions you wrote about in your previous post help secure against XSS.) All my scripts work on the CodeIgniter Model. Thank you, have a nice day.

RE: CodeIgniter 4 - Insert HTML from CKEditor to Database? - InsiteFX - 11-11-2020

If you're using the QueryBuilder, yes, it should be escaping the values.
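
The two layers the thread separates (value handling on insert for SQL injection, htmlspecialchars / esc() on output for XSS), shown as an added example that is not code from any poster or from CodeIgniter. It assumes PDO with in-memory SQLite as a stand-in for the model's Query Builder; the `articles` table and the `saveArticle` / `loadBody` functions are hypothetical names, and the editor output is constructed.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). PDO with in-memory SQLite stands in for
// a CodeIgniter 4 model; table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');

// Constructed editor output: legitimate markup, a script tag, and a quote
// sequence that would break a query assembled by string concatenation.
$editorHtml = "<p>Hello <strong>world</strong></p>"
            . "<script>alert(1)</script>"
            . "'); DROP TABLE articles; --";

/** Store the article. Values travel as bound parameters, never as SQL text. */
function saveArticle(PDO $db, string $title, string $body): int
{
    $stmt = $db->prepare('INSERT INTO articles (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $title, ':body' => $body]);
    return (int) $db->lastInsertId();
}

/** Fetch the stored body exactly as it was written. */
function loadBody(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM articles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$id     = saveArticle($db, 'First post', $editorHtml);
$stored = loadBody($db, $id);

// 1. SQL layer: the value round-trips byte for byte and the table survives.
var_dump($stored === $editorHtml);
var_dump((int) $db->query('SELECT COUNT(*) FROM articles')->fetchColumn());

// 2. Output layer: the stored HTML is still active markup until it is
//    escaped for the HTML context at render time.
$escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
var_dump(strpos($stored, '<script>') !== false);   // raw value still has the tag
var_dump(strpos($escaped, '<script>') !== false);  // escaped value does not
echo $escaped, PHP_EOL;
```

Escaping at output displays the editor's markup as literal text; rendering the stored HTML as markup would instead need an allowlist HTML sanitizer, which this example does not cover.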