CodeIgniter Forums
Sanitization with form validation - Printable Version




Sanitization with form validation - MrWhite - 01-13-2021

Why can't we use methods like trim() and htmlspecialchars() in form validation rules?

For example:

PHP Code:
$rules = [
    'name' => [
        'label' => 'Name',
        'rules' => 'trim|htmlspecialchars|required',
    ],
];

Is there any easy way that we can sanitize $_POST data at once? 

I know we can do something like htmlspecialchars($request->getPost('name')); 

But it would be nice if there were a way to pass an array, like validation rules, and sanitize multiple POST vars at once, rather than wrapping each one with native PHP methods.

Thanks.


RE: Sanitization with form validation - includebeer - 01-15-2021

It should work. The user guide says:
Quote: You can also use any native PHP functions that permit up to two parameters, where at least one is required (to pass the field data).

See the note at the end of this page: http://codeigniter.com/user_guide/libraries/validation.html


RE: Sanitization with form validation - MrWhite - 01-15-2021

(01-15-2021, 04:23 PM)includebeer Wrote: It should work. The user guide says:
Quote: You can also use any native PHP functions that permit up to two parameters, where at least one is required (to pass the field data).

See the note at the end of this page: http://codeigniter.com/user_guide/libraries/validation.html

Unfortunately it doesn't work, but I don't think it's a bug. I think it's a design choice and I'm OK with it. The validation process shouldn't mess with the data.

But I also think the docs should be more specific about this, since CI3 does support this kind of thing.


RE: Sanitization with form validation - iRedds - 01-15-2021

(01-13-2021, 02:01 AM)MrWhite Wrote: Why can't we use methods like trim() and htmlspecialchars() in form validation rules?

Validation and sanitization are two different things.

(01-13-2021, 02:01 AM)MrWhite Wrote: Is there any easy way that we can sanitize $_POST data at once? 
As far as I know, there are no such features in the framework. But you can use third-party libraries.
Or use Entity class setters:
https://codeigniter.com/user_guide/models/entities.html#handling-business-logic

Or you can write your own sanitizer and then suggest including it in the core of the framework.

There are many paths. Choose the one that suits you best.


(01-15-2021, 04:23 PM)includebeer Wrote: It should work.

The validation class does not return the data submitted for validation, and it does not receive it by reference.
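
Added example, not part of any post in this thread and not CodeIgniter's own code: one way to get the array-driven sanitizing asked about above while keeping it separate from validation. `sanitize_fields()` and its filter names are hypothetical, and the `$post` array is constructed sample input.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (assumption, not a CodeIgniter API).
 * Applies pipe-separated filters per field and returns a NEW array,
 * because the validator neither returns nor modifies the data it checks.
 */
function sanitize_fields(array $data, array $filters): array
{
    // Allow-list: a filter string may only name these callables.
    // htmlspecialchars is deliberately absent: HTML-escape when rendering
    // (CodeIgniter 4 provides esc() for that), not before storing.
    $allowed = [
        'trim'       => 'trim',
        'strip_tags' => 'strip_tags',
        'lower'      => 'strtolower',
    ];

    $clean = [];
    foreach ($filters as $field => $spec) {
        $value = $data[$field] ?? null;
        // A field sent as name[]=x arrives as an array; do not feed it to string filters.
        if (! is_string($value)) {
            $clean[$field] = null;
            continue;
        }
        foreach (explode('|', $spec) as $name) {
            if (! isset($allowed[$name])) {
                throw new InvalidArgumentException("Unknown filter: {$name}");
            }
            $value = $allowed[$name]($value);
        }
        $clean[$field] = $value;
    }

    return $clean; // fields with no filter entry are dropped
}

// Constructed sample input standing in for $request->getPost().
$post  = ['name' => '  <b>Alice</b> ', 'email' => ' Alice@Example.COM ', 'extra' => 'ignored'];
$clean = sanitize_fields($post, ['name' => 'trim|strip_tags', 'email' => 'trim|lower']);

// In a controller, validate the cleaned copy, e.g. $validation->run($clean).
var_dump($clean);
```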


RE: Sanitization with form validation - MrWhite - 01-15-2021

(01-15-2021, 07:32 PM)iRedds Wrote:
(01-13-2021, 02:01 AM)MrWhite Wrote: Why can't we use methods like trim() and htmlspecialchars() in form validation rules?

Validation and sanitization are two different things.

(01-13-2021, 02:01 AM)MrWhite Wrote: Is there any easy way that we can sanitize $_POST data at once? 
As far as I know, there are no such features in the framework. But you can use third-party libraries.
Or use Entity class setters:
https://codeigniter.com/user_guide/models/entities.html#handling-business-logic

Or you can write your own sanitizer and then suggest including it in the core of the framework.

There are many paths. Choose the one that suits you best.


(01-15-2021, 04:23 PM)includebeer Wrote: It should work.

The validation class does not return the data submitted for validation, and it does not receive it by reference.


Hey! Thanks for the reply.

BTW, what do you think about this issue? Do you think this is a bug?

If this is a bug, it would be great if you could send a PR.

https://forum.codeigniter.com/thread-78399.html