[eluser]Kenny[/eluser]
Hello ,
I used to use mysql_real_escape_string() to escape input strings in my MySQL queries.
Since I have problems using this function with <textarea>s (because it is escaping new lines and shows \n\r even if my global xss filtering is set to false), I'd like to use the xss_clean function.
But I'd like to know what does xss_clean() really do. Because I tried to echo some xss_cleaned strings and it doesn't seem to do anything. Is it normal ?
Do I have to use it like this : load the security library first and $this->security->xss_clean($str); ?
Thank you.