Best practice of handling user's input

Register Sign In

Best practice of handling user's input

Geril
Newbie
Posts: 5
Threads: 1
Joined: Feb 2016
Reputation: 0

#5

02-21-2016, 03:09 AM

Let's assume that I am filtering data on output not input, so it's possible that I will have in my DB as user's first name something like this?

Code:
You are hacked: <script>alert('Lorem Ipsum');</script>

Is that good way of storing data? And what is the best way of showing it when I want to have displayed user's first name somewhere?

Code:
html_escape();

Or

Code:
$this->security->xss_clean();

Combination of both?

Messages In This Thread

Best practice of handling user's input - by Geril - 02-20-2016, 01:03 PM

RE: Best practice of handling user's input - by Narf - 02-20-2016, 03:25 PM

RE: Best practice of handling user's input - by Geril - 02-21-2016, 02:40 AM

RE: Best practice of handling user's input - by ikarius6 - 02-20-2016, 03:26 PM

RE: Best practice of handling user's input - by Narf - 02-21-2016, 04:49 AM

RE: Best practice of handling user's input - by Geril - 02-21-2016, 03:09 AM

RE: Best practice of handling user's input - by Narf - 02-21-2016, 05:14 AM

RE: Best practice of handling user's input - by Geril - 02-21-2016, 05:38 AM

RE: Best practice of handling user's input - by Narf - 02-21-2016, 06:41 AM

RE: Best practice of handling user's input - by Geril - 02-21-2016, 09:44 AM

RE: Best practice of handling user's input - by meow - 03-03-2016, 04:55 PM

Theme © iAndrew 2016 - Forum software by © MyBB