xss flashdata class
#1

Hi All,

If I need to sanitize the below piece of code in CI (v3.1.10)

<?php echo $this->session->flashdata('error'); ?>

How to do it?????

and one more thing xss_clean is completely deprecated in CI (v3.1.10) so we can not use it????
Reply
#2

You should use html_escape() or xss_clean() when you print strings that are not XSS safe. Personally I use html_escape() as I don't want anything to have the slightest chance of slipping through.

PHP Code:
<?php echo html_escape($this->session->flashdata('error')); ?>

It's deprecated from input validation, as you should filter your data. Do you only want numbers? Check that it's not a letter etc.
Reply
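
The advice in the answer above (escape at output with html_escape(), and validate input against what the field should contain), as an added example that is not part of the original posts. It runs without CodeIgniter: the html_escape() stand-in is an assumption modelled on htmlspecialchars() with ENT_QUOTES and UTF-8, and is_valid_order_id() and the sample values are hypothetical.

```php
<?php
// Stand-in so the script runs outside CodeIgniter (assumption: the framework's
// helper behaves like htmlspecialchars() with ENT_QUOTES and a UTF-8 charset).
if (!function_exists('html_escape')) {
    function html_escape($var, $double_encode = true)
    {
        if (is_array($var)) {
            return array_map(function ($v) use ($double_encode) {
                return html_escape($v, $double_encode);
            }, $var);
        }
        if ($var === null || $var === '') {
            return $var;
        }
        return htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8', $double_encode);
    }
}

// Hypothetical input check: the field should hold a number, so accept digits only.
function is_valid_order_id($value)
{
    return is_string($value) && ctype_digit($value);
}

// Constructed sample inputs: one valid id and two that carry markup.
$samples = ['1337', '42<script>alert(1)</script>', '5"><b>bold</b>'];

foreach ($samples as $submitted) {
    if (is_valid_order_id($submitted)) {
        echo "accepted: {$submitted}\n";
        continue;
    }
    // In a controller this string would go to
    // $this->session->set_flashdata('error', ...).
    $flash_error = 'Invalid order id: ' . $submitted;

    // In the view: the bare echo emits the markup as-is, the escaped echo
    // turns <, >, & and both quote characters into entities.
    echo 'raw:     ' . $flash_error . "\n";
    echo 'escaped: ' . html_escape($flash_error) . "\n";
}
```

Validation decides what gets stored; the escape in the view still applies to every flashdata value, because the view cannot know which controller wrote it.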
#3

(05-03-2020, 02:08 AM)jreklund Wrote: You should use html_escape() or xss_clean() when you print strings that are not XSS safe. Personally I use html_escape() as I don't want anything to have the slightest chance of slipping through.

PHP Code:
<?php echo html_escape($this->session->flashdata('error')); ?>

It's deprecated from input validation, as you should filter your data. Do you only want numbers? Check that it's not a letter etc.

Thanks for your quick help and response!!
Reply