Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming is this stamenet true or false: if I use $this->form_validation->set_rules then I don't need to sanitise the input?
is this stamenet true or false: if I use $this->form_validation->set_rules then I don't need to sanitise the input?
  • El Forum
    Guest
  •  
#6
02-29-2012, 09:52 AM

[eluser]andychurchill[/eluser]
I don't trust it, hence my concern. My issue is more related to DRY: I don't want to repeat the same xss_clean/trim/strip_tags process twice, and assumed if I'd performed it at validation, I don't then need to sanitise the input again. It seems the guy in this thread had a similar belief: http://ellislab.com/forums/viewthread/201355/

And from what I can tell, it hinges on whether $this->input->post contains the post validation processed inputs. I get the feeling from that thread that it is possible, if you create a callback function to return a processed result, e.g. having already run trim|strip_tags and xss_clean on the input.

At that point, assuming that input->post now has a processed value, I don't need to do any further processing on the form element, but this is where I can't quite find any documentation that says this to be the case.


Messages In This Thread
is this stamenet true or false: if I use $this->form_validation->set_rules then I don't need to sanitise the input? - by El Forum - 02-29-2012, 09:52 AM



Theme © iAndrew 2016 - Forum software by © MyBB