Does CI provide 'out-of-the-box' solutions for XSS and SQL injection?
#2

Pascal Kriete
Needless to say you should always be mindful. User input is the devil, no matter what you develop with.

That said, CodeIgniter provides tools to help you. There is a cleaning function to prevent cross-site scripting. Found here. And if you use active record it automatically escapes queries, so that is covered as well.

Good practices go a long way. A numbers field shouldn't accept strings. Names don't have HTML entities in them. Basic checks like that can make a huge difference.
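What escaped (bound) query values and a numeric check each buy you, as an added example that is not part of the original post and not CodeIgniter's own code: plain PHP with PDO on in-memory SQLite stands in for CodeIgniter's database class so the script runs without the framework. The table, rows, inputs and function names are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for CodeIgniter's database
// layer. Table, rows and inputs are constructed for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// "A numbers field shouldn't accept strings": accept short digit-only input.
function is_valid_id($value): bool
{
    return is_string($value) && ctype_digit($value) && strlen($value) <= 10;
}

// Unsafe: the input is pasted into the SQL text and parsed as SQL.
function find_user_concat(PDO $db, string $id): array
{
    return $db->query("SELECT name FROM users WHERE id = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the input travels as a bound value and is never parsed as SQL.
function find_user_bound(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// One well-formed id and one constructed hostile value for the same field.
foreach (['2', '2 OR 1=1'] as $input) {
    printf(
        "input %-12s valid=%-3s concat=%d row(s)  bound=%d row(s)\n",
        "'$input'",
        is_valid_id($input) ? 'yes' : 'no',
        count(find_user_concat($db, $input)),
        count(find_user_bound($db, $input))
    );
}
```

The validation check and the bound query are independent layers: the first rejects the malformed value before it reaches the database, the second keeps it from changing the query even if validation is skipped.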


Messages In This Thread
Does CI provide 'out-of-the-box' solutions for XSS and SQL injection? - by El Forum - 05-21-2008, 10:41 AM


