Security in post/get
#1

ClaudioX
Hi all,

I'm using $this->input->post("field", TRUE) to protect the system, but I think the function does not do everything that I thought it would.

I'm doing a search page: the user writes a word in an input and, after the submit, I echo it in the value of the input. As a test, I wrote "script alert("hello") /script", and the alert worked...

Is there something in the framework that implements slashes, trim, htmlentities? If not, what security do you advise me?

And really thanks to David Pennington, for this video about security. Thanks man!
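
The situation in the post above is an output-encoding problem: a submitted value echoed back into an input's `value` attribute has to be encoded for that HTML context at the point of output. The following is an added example, not part of the original post and not CodeIgniter code; the function names and sample terms are constructed for illustration, and it uses only PHP's built-in `htmlspecialchars()`.

```php
<?php
// Added example: hypothetical helper names, not CodeIgniter APIs.

// Unsafe: the submitted term is written into the attribute unchanged,
// so quotes and angle brackets in it become part of the page markup.
function render_search_input_raw(string $term): string
{
    return '<input type="text" name="q" value="' . $term . '">';
}

// Safe: & < > " ' are encoded as entities, so the term stays inside
// the quoted attribute value and is displayed as text.
function render_search_input(string $term): string
{
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="q" value="' . $encoded . '">';
}

// Constructed sample submissions, including the test string from the post.
$samples = [
    'plain search',
    '<script>alert("hello")</script>',
    "O'Reilly & Sons",
];

foreach ($samples as $term) {
    echo 'submitted: ', $term, PHP_EOL;
    echo 'raw:       ', render_search_input_raw($term), PHP_EOL;
    echo 'encoded:   ', render_search_input($term), PHP_EOL, PHP_EOL;
}
```

Encoding is applied once, when the value is written into the page; the stored or submitted value itself is left unmodified.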


Messages In This Thread
Security in post/get - by El Forum - 05-11-2009, 03:53 PM
Security in post/get - by El Forum - 05-11-2009, 07:10 PM