Update and checking
#5

Posted by: thunder uk
The $_POST array *could* contain something nasty that screws up your database (or worse).

So, instead, get your POSTed values into variables that are nice and clean and free from nasties.

e.g.

$title = $this->db->escape($this->input->post('newstitle'));
$body = $this->db->escape($this->input->post('newsbody'));

This still isn't foolproof, since some of the bad guys know how to use multibyte character encoding to bypass the above, but it's still a good bit safer than passing raw $_POST data.
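The update step discussed in this thread, as an added example that is not from the post or from CodeIgniter: the raw-$_POST string splice the post warns about, beside the same UPDATE done with a PDO prepared statement, which also sidesteps the multibyte escape problem mentioned above. PDO (instead of CodeIgniter's DB layer), the `news` table and its columns, and the DSN values are all assumptions.

```php
<?php
// Added example (not from the forum post). PDO is used instead of
// CodeIgniter's $this->db so it runs with plain PHP; the news table,
// its columns and the connection details below are assumed.

// --- Unsafe: POSTed values spliced straight into the SQL text ---
function update_news_unsafe(PDO $db, array $post): int
{
    // Whatever is in the title/body/id becomes part of the statement
    // itself, so the data can rewrite the query. Do not use this form.
    $sql = "UPDATE news SET title = '" . $post['newstitle'] . "', "
         . "body = '" . $post['newsbody'] . "' WHERE id = " . $post['id'];
    return (int) $db->exec($sql);
}

// --- Hardened: fixed SQL text, data sent as bound parameters ---
function update_news_safe(PDO $db, array $post): int
{
    // Validate the id as a positive integer before it reaches SQL.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || $id < 1) {
        throw new InvalidArgumentException('invalid news id');
    }
    // With emulated prepares disabled on the connection (see below) the
    // server receives SQL and data separately, so no client-side escaping
    // is involved and the multibyte escape bypass does not apply.
    $stmt = $db->prepare(
        'UPDATE news SET title = :title, body = :body WHERE id = :id'
    );
    $stmt->bindValue(':title', (string) ($post['newstitle'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':body',  (string) ($post['newsbody'] ?? ''),  PDO::PARAM_STR);
    $stmt->bindValue(':id',    $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Connection: state the charset in the DSN so client and server agree on
// the encoding, and turn off emulated prepares so binding is server-side.
// Host, database, user and password are placeholders.
$db = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4',
    'user', 'password',
    [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]
);

$rows = update_news_safe($db, $_POST);
echo $rows === 1 ? "News item updated.\n" : "Nothing updated.\n";
```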




