Welcome Guest, Not a member yet? Register   Sign In
Security in post/get

Hi all,

I'm using $this->input->post("field", TRUE), to protect the system, but, I think the function does not do everything that I thought would.

I'm doing one seach page, the user write the word in one input, after the sumit, i do one echo in the value of the input, as a test, I wrote "script alert("hello") /script", and the alert work on...

there is something in the framework that implements the slashs, trim, htmlentities? if not, what security do you advise me?

And really thanks to David Pennington, for this video about security. Thanks man!

Messages In This Thread
Security in post/get - by El Forum - 05-11-2009, 03:53 PM
Security in post/get - by El Forum - 05-11-2009, 07:10 PM

Theme © iAndrew 2016 - Forum software by © MyBB