Cleaning my DB Input?
[eluser]invision[/eluser]
Hi, I wonder, what are the best practices for DB input? I currently have a function/method in my Model:

Code:
function createEntry() {

In my Controller I have already validated the value:

Code:
function create()

But I would like to 1) type check the value and 2) stop any XSS or SQL Injection attacks. I'm using ActiveRecord and read somewhere I'm covered for SQL Injection, but not XSS. Is this right? Can anyone show me how to best do this with the code provided? Many thanks for your help.
[eluser]steelaz[/eluser]
If you're using ActiveRecord, you should be safe against SQL Injection. To check input against XSS, there is a prepping function in the form validation library - "xss_clean". You can add it as a regular rule:

Code:
$this->form_validation->set_rules('author', 'Author', 'trim|required|xss_clean');

There are a few other prepping functions - http://ellislab.com/codeigniter/user-gui...greference

You can also set global xss_clean checking for all user input in /config/config.php.
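Putting the answer above together with the create()/createEntry() layout from the question, as an added example (not code from either poster): validation rules in the controller, including xss_clean and an integer type check, and an Active Record insert in the model. The field names, the `entries` table, the `Entry_model` class and the view name are assumptions.

```php
<?php
// Added example, not from the thread. In a real CodeIgniter 2.x app the two
// classes live in application/controllers/entries.php and
// application/models/entry_model.php; table, field and view names are assumed.
class Entries extends CI_Controller {

    public function create()
    {
        $this->load->library('form_validation');
        $this->load->helper('url');
        $this->load->model('entry_model');

        // Rules run in order: trim whitespace, require a value, bound its
        // length, then pass it through CodeIgniter's XSS filter. After run()
        // the prepped (cleaned) values are written back to $_POST, so
        // $this->input->post() below returns the filtered value.
        $this->form_validation->set_rules('author', 'Author', 'trim|required|max_length[100]|xss_clean');
        $this->form_validation->set_rules('body',   'Body',   'trim|required|xss_clean');
        // Type check: is_natural_no_zero rejects anything but a positive integer.
        $this->form_validation->set_rules('category_id', 'Category', 'required|is_natural_no_zero');

        if ($this->form_validation->run() === FALSE)
        {
            // Re-display the form; the view can show validation_errors().
            $this->load->view('entry_form');
            return;
        }

        // Read values only after validation passed; the (int) cast makes the
        // type explicit on top of the is_natural_no_zero rule.
        $this->entry_model->createEntry(array(
            'author'      => $this->input->post('author'),
            'body'        => $this->input->post('body'),
            'category_id' => (int) $this->input->post('category_id'),
        ));
        redirect('entries');
    }
}

class Entry_model extends CI_Model {

    function createEntry($data)
    {
        // Active Record builds the INSERT and escapes every value itself, which
        // is the SQL-injection protection the answer refers to. A hand-written
        // $this->db->query() should use ? bindings rather than concatenation.
        return $this->db->insert('entries', $data);
    }
}
```

xss_clean filters what gets stored; when an entry is later echoed in a view, it should still be passed through htmlspecialchars(), since input filtering is not a substitute for output encoding.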
[eluser]invision[/eluser]
Brilliant, just what I wanted to hear. I'm also going to now use this: http://ellislab.com/codeigniter/user-gui...ereference for Type Check functions. Thanks for all your help.