[CI4] Escaping ticket content message
#1
Question 
(This post was last modified: 12-22-2020, 02:15 PM by Awlikhaleghi.)

Hey guys, I am trying to create a ticketing system and I had a question here.
Do I need to use escapeString() while using a model->save($entity)?
If so, while using escapeString, after saving the TicketReply entity, the content message is something like this:
PHP Code:
test\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\ntest\r\
But I just need to be sure the user is not submitting malicious code like JS or HTML, etc.

PHP Code:
// this is actually my question, do I need to escape this field or CI does it for me?
$reply = $tickets->escapeString($this->request->getPost("reply_message"));
// Creating
$replyMessage = new TicketReply;
$replyMessage->ticket_id = $ticket->id;
$replyMessage->user_id = $this->user->id;
$replyMessage->message = $reply;

// insert new reply message ?
if (model("TicketReplyModel")->save($replyMessage))
{
    // redirect with success message
}
else
{
    // failed to save replied message ...
}

Thanks for taking the time.
#2

> need to be sure user is not submitting malicious code like js or html etc.

escapeString() has nothing to do with them.

https://codeigniter.com/user_guide/datab...ng-queries
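
The distinction made in the reply above, as an added example that is not part of the original thread and is not CodeIgniter code: SQL escaping belongs to the storage layer, HTML encoding belongs to output. It uses plain PHP with PDO and in-memory SQLite (requires the pdo_sqlite extension); the table name, column name, helper functions and sample input are assumptions, and `addcslashes()` stands in for a manual `escapeString()` call made before a layer that already handles SQL quoting.

```php
<?php
// Added example in plain PHP (PDO + in-memory SQLite), not CodeIgniter code.
// The table and column names are assumptions modelled on the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ticket_replies (id INTEGER PRIMARY KEY, message TEXT)');

// Constructed sample input: multi-line text, an apostrophe, and markup.
$reply = "line one\r\nit's line two\r\n<script>alert(1)</script>";

// Storage: bind the raw value; the bound parameter takes care of SQL quoting.
function saveReply(PDO $db, string $message): int
{
    $stmt = $db->prepare('INSERT INTO ticket_replies (message) VALUES (:message)');
    $stmt->execute([':message' => $message]);
    return (int) $db->lastInsertId();
}

function loadReply(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT message FROM ticket_replies WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Output: encode for the HTML context at render time, then restore line breaks.
// (In a CodeIgniter 4 view the esc() helper plays the role of htmlspecialchars.)
function renderReply(string $message): string
{
    return nl2br(htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Stand-in for calling escapeString() by hand before a layer that already
// handles SQL quoting: the backslashes become part of the stored data.
$preEscaped = addcslashes($reply, "\r\n'\"\\");

$rawId = saveReply($db, $reply);
$escId = saveReply($db, $preEscaped);

var_dump(loadReply($db, $rawId) === $reply);       // raw value round-trips unchanged
echo loadReply($db, $escId), PHP_EOL;              // literal \r\n text, markup untouched
echo renderReply(loadReply($db, $rawId)), PHP_EOL; // markup encoded, shown as text
```

The second row shows the symptom from the question: manual SQL escaping leaves literal `\r\n` in the stored message and does nothing to the `<script>` tag, while encoding at output time is what turns the markup into inert text.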