Protection from SQL-injections and XSS-attacks
#7

Beyond the form validation that CI provides, you can also use your own custom validation rules, and you should if you have to. Also, I like to type cast numbers to int or float, sometimes eliminating the need for form validation if all I'm posting is numbers. While it is specifically suggested that it not be done, I do run almost all strings through xss_clean. If that's just a bad habit, and if somebody wants to share an article to read about why it is so, I might be persuaded to change my ways.
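An added example, not part of the post above: it compares a bare `(int)` cast with strict integer validation on the same inputs, to show what the cast does with malformed values. The helper `strict_int()`, the sample inputs and the 0..1000 range are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
// $samples is a constructed list of values as they might arrive in a POST
// field; strict_int() is a hypothetical helper, not a CodeIgniter function.

/**
 * Return the integer only if $raw is a well-formed integer inside
 * [$min, $max]; otherwise return null.
 */
function strict_int($raw, int $min, int $max): ?int
{
    // A field sent as qty[]=1 arrives as an array, not a string.
    if (!is_string($raw)) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    // filter_var() returns false on failure and 0 is a valid result,
    // so the comparison has to be strict.
    return $value === false ? null : $value;
}

$samples = ['42', '0', '12abc', 'abc', '', '-5', '1e3', ['1']];

foreach ($samples as $raw) {
    // A bare cast always produces some integer, so malformed input is
    // converted to a value instead of being rejected.
    $cast   = (int) $raw;
    $strict = strict_int($raw, 0, 1000);

    printf(
        "%-8s cast=%-6d strict=%s\n",
        json_encode($raw),
        $cast,
        $strict === null ? 'rejected' : (string) $strict
    );
}
```

The cast turns `'12abc'` into 12 and both `'abc'` and the empty string into 0, so the value is type-safe but the application cannot tell a submitted 0 from garbage; the strict helper rejects those inputs instead.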


Messages In This Thread
RE: Protection from SQL-injections and XSS-attacks - by skunkbad - 07-13-2017, 11:47 PM


