Is this statement true or false: if I use $this->form_validation->set_rules then I don't need to sanitise the input?
#1

andychurchill
If I have this in my validation rules:

Code:
$this->form_validation->set_rules('username', 'username', 'trim|strip_tags|required|min_length[5]|max_length[12]|xss_clean');
$this->form_validation->set_rules('password', 'password', 'trim|strip_tags|required|min_length[5]|max_length[12]|callback_checkUsernameAndPasswordExists');

and then the callback function does this:

Code:
$username = $this->input->post('username');
$password = $this->input->post('password');

Am I right in thinking this is safe?

I guess I might also want to add a regular expression to the form validation to ensure alphanumeric, particularly when on the registration form, but the main thing was that I wanted to confirm that if it gets past that form validation, then the value of the input post vars can be presumed safe?

In addition, active record query would then escape it, so I think that covers it?
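
Added example, not part of the original post and not CodeIgniter code: plain PHP showing that a value can pass the `trim|strip_tags|min_length[5]|max_length[12]` checks and still need escaping for each place it is used, and that `strip_tags` maps distinct passwords to one string. `validate()`, the `users` table and all sample values are constructed assumptions, and the SQLite PDO driver is assumed to be available.

```php
<?php
// validate() is a hypothetical stand-in for the
// 'trim|strip_tags|min_length[5]|max_length[12]' part of the rules above.
function validate($value)
{
    $value = strip_tags(trim($value));
    $len   = strlen($value);
    return ($len >= 5 && $len <= 12) ? $value : null;
}

// Constructed username: passes every rule, yet still contains ' " and &.
$username = validate(" o'neil & \"c\" ");
var_dump($username);

// HTML sink: escape when the value is written into a page.
echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'), "\n";

// Two distinct constructed passwords become the same string after strip_tags,
// so filtering a password discards part of what the user typed.
var_dump(validate('S3cr<et>!pw') === validate('S3cr<x>!pw'));

// Password sink: hash the untouched value; length is the only check it needs.
$raw  = 'S3cr<et>!pw';
$hash = password_hash($raw, PASSWORD_DEFAULT);

// SQL sink: bound parameters keep the quote in the username as data
// (the job the post assigns to Active Record escaping).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, pw_hash TEXT)');
$stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$stmt->execute(array($username, $hash));

// Round trip: the stored username is unchanged and the hash verifies.
$row = $db->query('SELECT username, pw_hash FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['username'] === $username);
var_dump(password_verify($raw, $row['pw_hash']));
```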




Messages In This Thread
Is this statement true or false: if I use $this->form_validation->set_rules then I don't need to sanitise the input? - by El Forum - 02-29-2012, 05:59 AM


