[eluser]pickupman[/eluser]
Most of the time you can run this on form validation. When you create form, use the form validation library. When creating fields like:
Code:
$this->form_validation->set_rules('field_name', 'field name', 'required|trim|xss_clean');
if($this->form_validation->run())
{
$this->input->post('field_name'); //This already run thru xss_clean
}
You basically shouldn't trust user input. CI will strip any naughty stuff for you.