(07-13-2017, 02:23 PM)PaulD Wrote: CSRF helps protect against XSS attacks.
Um, no ... CSRF doesn't protect you from XSS. It's the name of another attack, which CI has protections against.
(07-13-2017, 11:47 PM)skunkbad Wrote: Also, I like to type cast numbers to int or float, sometimes eliminating the need for form validation if all I'm posting is numbers.
You should avoid this ... It may be an easy way to protect from SQL injections, but you're supposed to reject invalid inputs, not assume that they're ok.
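
The difference between casting and rejecting, shown as an added example that is not part of the original posts: it runs the same constructed inputs through an `(int)` cast and through PHP's `filter_var()` with `FILTER_VALIDATE_INT`. The function names, the `qty` field and the 1 to 100 range are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Approach from the quoted post: cast and carry on. The cast keeps any
// leading digits, discards the rest, and turns non-numeric text into 0,
// so the caller can no longer tell that the input was invalid.
function cast_quantity($raw): int
{
    return (int) $raw;
}

// Validate-and-reject: returns the integer, or null when the input is not
// a plain integer inside the allowed range (the range is an assumption).
function validate_quantity($raw, int $min = 1, int $max = 100): ?int
{
    if (!is_string($raw)) {
        return null; // e.g. qty[]=5 arrives as an array, not a string
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

// Constructed sample inputs, as they might arrive in $_POST['qty'].
$samples = ['5', '12abc', 'abc', '', '-3', '1e3', ['5']];

foreach ($samples as $raw) {
    $cast    = cast_quantity($raw);
    $checked = validate_quantity($raw);
    printf(
        "%-10s cast=%-6d validated=%s\n",
        json_encode($raw),
        $cast,
        $checked === null ? 'REJECTED' : (string) $checked
    );
}
```

Database access should still use query bindings or the query builder either way; the validation step is what lets the application report bad input instead of storing a silently altered number.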