SQL Injection and XSS filtering
[eluser]keevitaja[/eluser]
By enabling XSS filtering, all POST and cookie items accessed through the $ci->input object are filtered. I'd recommend you turn it on by default. HTML <tags> are a totally different thing; it has nothing to do with security. When you create a DB record containing <> it will be stored in the DB as it is. To print this record to the browser you still need to run htmlspecialchars() or an equivalent function. And yes, with Active Record all DB inserts using db->insert() are escaped!
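An added example (not from the post above or from CodeIgniter itself) showing the two separate steps the reply describes: the value is stored exactly as submitted, with the SQL layer only escaping or binding it for the query, and HTML encoding happens only when the value is printed. It assumes PHP with the PDO SQLite driver; the in-memory table stands in for CodeIgniter's $this->db->insert().

```php
<?php
// Added example, not CodeIgniter code. Assumes PHP with the PDO SQLite driver.

// Constructed sample input, as it might arrive via $this->input->post('comment').
$submitted = '<b>hello</b> & <script>alert(1)</script>';

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Step 1: store it. Binding the value keeps the SQL statement intact (this is
// what Active Record's escaping achieves); the content itself is not changed.
$stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $submitted]);

// Reading it back shows the tags and the ampersand are still there, byte for byte.
$stored = $db->query('SELECT body FROM comments')->fetchColumn();
if ($stored !== $submitted) {
    throw new RuntimeException('stored value should be identical to the input');
}

// Step 2: encode at output time, once, at the point the value enters the HTML.
// ENT_QUOTES covers both quote styles so the same helper is safe inside
// attribute values; ENT_SUBSTITUTE avoids an empty result on invalid UTF-8.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The browser now renders the literal text of the tags instead of executing them.
echo '<p>' . h($stored) . "</p>\n";
```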