CodeIgniter 4 - Insert HTML from CKEditor to Database?
#1

Hello.
Currently I'm working on a small CMS portal, and right now I'm working on the functions for writing and reading articles using a Model. For writing articles I want to use CKEditor (or similar). The editor creates a result with HTML tags, so how do I secure the result from the editor before inserting it into the database?

Or is the automatic security from CI in the model enough?


Best regards.
#2

Run your code through one of these: htmlspecialchars or htmlentities. Also use the CI esc() method.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
#3

(11-11-2020, 07:42 AM)InsiteFX Wrote: Run your code through one of these htmlspecialchars or htmlentities also use CI esc() method.

Thank you for your reply.
Does the model automatically apply escape_string before inserting into the DB? The functions htmlspecialchars / htmlentities or esc() are output functions, so I don't need to secure the CKEditor output before inserting it into the DB? (I mean SQL injection; the functions you wrote about in your previous post help secure against XSS.) All my scripts work on the CodeIgniter Model.


Thank you, have a nice day
#4

If you're using the QueryBuilder, yes, it should be escaping the values.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
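
The split discussed in this thread, as an added example that is not from any of the posters or from the CodeIgniter project: the Model's `insert()` goes through Query Builder, which escapes the values, and `esc()` is applied when the article is output. The `articles` table, its `title` and `body` columns, and the class names are assumptions.

```php
<?php
// Added example. Assumes a CodeIgniter 4 app and a hypothetical `articles`
// table with `id`, `title` and `body` columns.
namespace App\Models {
    use CodeIgniter\Model;

    class ArticleModel extends Model
    {
        protected $table           = 'articles';
        protected $primaryKey      = 'id';
        protected $returnType      = 'array';
        // Only these POST fields can ever be written (mass-assignment guard).
        protected $allowedFields   = ['title', 'body'];
        protected $validationRules = [
            'title' => 'required|max_length[200]',
            'body'  => 'required',
        ];
    }
}

namespace App\Controllers {
    use App\Models\ArticleModel;
    use CodeIgniter\Controller;
    use CodeIgniter\Exceptions\PageNotFoundException;

    class Articles extends Controller
    {
        public function create()
        {
            $model = new ArticleModel();
            // Store the editor HTML unchanged. insert() runs through Query
            // Builder, which escapes the values: this is the SQL injection side.
            $id = $model->insert([
                'title' => $this->request->getPost('title'),
                'body'  => $this->request->getPost('body'),
            ]);
            if ($id === false) { // validation failed
                return $this->response->setStatusCode(422)->setJSON($model->errors());
            }
            return redirect()->to('/articles/' . $id);
        }

        public function show(int $id)
        {
            $article = (new ArticleModel())->find($id);
            if ($article === null) {
                throw PageNotFoundException::forPageNotFound();
            }
            // Output side (XSS): esc() HTML-encodes by default.
            return '<h1>' . esc($article['title']) . '</h1>'
                 . '<pre>' . esc($article['body']) . '</pre>';
        }
    }
}
```

Because `esc()` HTML-encodes the body, the editor's tags are displayed as text rather than rendered. Rendering them as markup would need an allowlist HTML sanitizer instead, which the thread does not cover.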