(03-06-2017, 10:43 AM)Narf Wrote: Apply xss_clean() on output, not before you store it.
Hi Narf, thanks for replying. I just want to make sure I understand correctly. Here is the situation:
If I do it this way:
$this->form_validation->set_rules('first_name', 'First Name', 'required');
If someone puts <script>, required will be OK.
Then if I apply the xss clean after that, or let's say I move the post data to a variable and apply xss clean on it,
the variable will become empty, since xss clean will remove the <script>, and required will never detect it again.
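
The ordering Narf describes, as an added example that is not part of the thread and is not CodeIgniter code: validation runs on the raw value, the value is stored unchanged, and cleaning happens only when it is rendered. It is plain PHP with hypothetical function names, and htmlspecialchars() is used here as a stand-in for the output-time cleaning step.

```php
<?php
// Added example: plain PHP, not CodeIgniter. Function names are hypothetical.

// Equivalent of a "required" rule: it looks at the raw submitted value,
// before any cleaning has touched it.
function is_present(?string $value): bool
{
    return $value !== null && trim($value) !== '';
}

// Output-time step: encode the stored value for an HTML context.
// Assumption: htmlspecialchars() stands in for the cleaning applied on output.
function render_first_name(string $stored): string
{
    return '<p>First Name: '
        . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8')
        . '</p>';
}

// Constructed sample submissions for the first_name field.
$submissions = ['<script>', '   ', 'Alice'];

foreach ($submissions as $raw) {
    // 1. Validate the raw input. '<script>' is non-empty, so it passes.
    if (!is_present($raw)) {
        echo "rejected: first_name is required\n";
        continue;
    }

    // 2. Store the value exactly as submitted (stand-in for the database write).
    $stored = $raw;

    // 3. Clean only at the point of output, so validation and storage
    //    never see a modified value.
    echo render_first_name($stored), "\n";
}
```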