Login

Diederik · 09-07-2015, 04:45 AM

I hope I understand your question correctly, I think you could use the xss_clean() for this job. It will allow you to populate the inputs in your form with the (unescaped) posted data and then have xss_clean() filter the entire output before sending it back to the browser.

PHP Code:
// insert your form validation code

if ($this->form_validation->run() == FALSE) {
    
    // Form either not valid or no post at all
    $form  = $this->load->view('form', $viewdata, true);

    if ($this->input->server('REQUEST_METHOD') == 'POST') {
        // Only use XSS clean if there actualy is some POST data to filter
        $filtered = $this->security->xss_clean($form); 
        echo $filtered;
    } else {
        echo $form;
    }
} else {

    // form input was succesfully validated

} 