When should I use esc()? - Printable Version
+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: When should I use esc()? (/showthread.php?tid=81363)
When should I use esc()? - castle - 02-19-2022

Hi, I need help with where to use the esc() function. Do I need to use esc() on every single input text field? For example, I have a form that presents the user with two fields. One is a text field and the other is a textarea field. The user needs to fill in both fields and submit them. So, where does the esc go? Do I use esc on the input element (view) or at the Controller level? The documentation didn't help me. At https://codeigniter4.github.io/CodeIgniter4/tutorial/create_news_items.html, the only esc I see is to escape the title. Thanks.

RE: When should I use esc()? - kenjis - 02-19-2022

You should use esc() when you output any data that may change, such as variables, in your HTML. But if a function is guaranteed to return a proper XSS-free HTML string, there is no need to escape.
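The answer above applied to the two-field form from the question, as an added example that is not part of the original thread and not CodeIgniter's own sample code. The `Notes` controller, the `notes/preview` view and the route are hypothetical names; the two files are shown in one block, separated by comments.

```php
<?php
// ---- File 1: app/Controllers/Notes.php (hypothetical controller) ----
namespace App\Controllers;

class Notes extends BaseController
{
    public function create()
    {
        // No esc() here. Escaping depends on where a value is printed,
        // so the controller validates and stores the input unchanged.
        $data = [
            'title' => (string) $this->request->getPost('title'),
            'body'  => (string) $this->request->getPost('body'),
        ];

        // Validation and storage of the raw values would go here.

        return view('notes/preview', $data);
    }
}
?>
<?php // ---- File 2: app/Views/notes/preview.php (hypothetical view) ---- ?>

<?php // Element content: the default 'html' context. ?>
<h2><?= esc($title) ?></h2>

<?php // Escape first, then add <br> tags, so the tags nl2br() inserts survive. ?>
<p><?= nl2br(esc($body)) ?></p>

<form method="post" action="<?= site_url('notes/create') ?>">
    <?php // csrf_field() returns framework-generated HTML, so it is printed as-is. ?>
    <?= csrf_field() ?>

    <?php // Redisplayed input inside an attribute value: the 'attr' context. ?>
    <input type="text" name="title" value="<?= esc($title, 'attr') ?>">

    <?php // Textarea content sits between tags: the 'html' context again. ?>
    <textarea name="body"><?= esc($body) ?></textarea>

    <button type="submit">Save</button>
</form>
```

Escaping in the controller instead would store HTML entities in the database and double-escape the value the next time a view prints it with esc().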