Sanitizing Form Input
#1

[eluser]K-Fella[/eluser]
Is there a rule of thumb when sanitizing form input using CI?

Should it be done in set_rules?
Code:
$this->form_validation->set_rules('username', 'Username', 'required|xss_clean');

Or when using
Code:
$this->input->post('string', TRUE);

Or both?

Are there any advantages to using one over the other?
#2

[eluser]WanWizard[/eluser]
Both do exactly the same.

For the first one you have to run your validation rules, but you can include other rules as well (that may or may not modify the field value). The second one is simple, does what it says on the tin, but nothing more.

So, the answer is, use what you think is best in your situation.
#3

[eluser]K-Fella[/eluser]
Out of curiosity, which do you use?
#4

[eluser]bretticus[/eluser]
I personally prefer
Code:
$this->input->post('string', TRUE);
because I want my post data to be filtered whether or not it was validated.



