Form post to DB with safe inputs
#7

[eluser]Rick Jolly[/eluser]
[quote author="Rwin" date="1185120979"]
So I guess using $this->db->insert('tablename',$_POST) is secure enough? Or do I have the wrong impression?[/quote]

Active Record will escape the data to protect the database from SQL injection. However, if a user entered that data, it could still be dangerous if you ever need to display it. So you should also validate and prep the data. Use xss_clean or HTML Purifier to remove malicious code like JavaScript if you want to preserve HTML in the input. If you want to escape all HTML, then use htmlspecialchars().
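
Added example, not part of the original post and not CodeIgniter's own code: it shows that input stored safely against SQL injection still contains its markup, so it must be escaped again when displayed. PDO with an in-memory SQLite database stands in for Active Record (assumes the pdo_sqlite extension); the table, field names, helper `e()` and sample input are constructed for illustration.

```php
<?php
// Added example. PDO bound parameters stand in for Active Record's escaping;
// table name, field names and the helper e() are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed form input: one value with SQL metacharacters, one with HTML.
$post = [
    'author' => "O'Brien'); DROP TABLE comments;--",
    'body'   => '<b>hi</b><script>alert(1)</script>',
];

// Step 1: database context. Bound parameters keep the input as data,
// so the quote and the DROP TABLE text are stored, not executed.
$stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$stmt->execute([':author' => $post['author'], ':body' => $post['body']]);

$row = $db->query('SELECT author, body FROM comments')->fetch(PDO::FETCH_ASSOC);

// The stored value is exactly what was submitted: SQL-safe storage did
// nothing about the script tag.
if ($row['body'] !== $post['body']) {
    throw new RuntimeException('stored value differs from submitted value');
}

// Step 2: HTML context. Escape at display time, with quotes included so
// the value is also safe inside an attribute.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo '<p class="author">' . e($row['author']) . "</p>\n";
echo '<div class="body">' . e($row['body']) . "</div>\n";

// Echoing $row['body'] without e() would send the script tag to the
// browser as markup; with e() it is rendered as visible text.
```

This covers the "escape all HTML" case from the post; keeping some HTML needs a sanitizer such as the ones named above instead of `htmlspecialchars()`.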




