Is this statement true or false: if I use $this->form_validation->set_rules then I don't need to sanitise the input?
[eluser]andychurchill[/eluser]
I don't trust it, hence my concern. My issue is more related to DRY: I don't want to repeat the same xss_clean/trim/strip_tags process twice, and assumed if I'd performed it at validation, I don't then need to sanitise the input again. It seems the guy in this thread had a similar belief: http://ellislab.com/forums/viewthread/201355/ And from what I can tell, it hinges on whether $this->input->post contains the post-validation processed inputs. I get the feeling from that thread that it is possible, if you create a callback function to return a processed result, e.g. having already run trim|strip_tags and xss_clean on the input. At that point, assuming that input->post now has a processed value, I don't need to do any further processing on the form element, but this is where I can't quite find any documentation that says this to be the case.
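The pattern discussed in the post above, as an added example that is not code from the thread or from the CodeIgniter project. It assumes CodeIgniter 2.1 or later, where `run()` writes the processed field data back into `$_POST`; the controller, view, field and callback names are hypothetical.

```php
<?php
// Added example. Assumes CodeIgniter 2.1+; Comment, comment_form, 'body'
// and collapse_spaces are hypothetical names chosen for illustration.
class Comment extends CI_Controller
{
    public function submit()
    {
        $this->load->library('form_validation');

        // Validation and prepping rules share one pipe-separated string
        // and are applied to the field in the order they are listed.
        $this->form_validation->set_rules(
            'body',
            'Comment',
            'trim|required|max_length[500]|strip_tags|xss_clean|callback_collapse_spaces'
        );

        if ($this->form_validation->run() === FALSE) {
            // Redisplay the form; set_value('body') in the view repopulates it.
            $this->load->view('comment_form');
            return;
        }

        // run() has replaced $_POST['body'] with the processed value, so this
        // read returns the prepped string and the rules are not repeated here.
        $body = $this->input->post('body');

        // Prepping at validation time does not make the value safe for every
        // context: escape again for the place where it is finally used.
        $this->output->set_output(html_escape($body));
    }

    // A callback that returns anything other than a boolean is treated as the
    // newly processed field data rather than as a pass/fail result.
    public function collapse_spaces($str)
    {
        return preg_replace('/\s+/', ' ', $str);
    }
}
```

The processed value is only available after `run()` has executed; reading `$this->input->post('body')` before that call returns the raw submission.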