Form Validation / prepping for insert
[eluser]paynterc[/eluser]
I have a question about form validation in CI. There is a nice set of form validation functions here: http://ellislab.com/codeigniter/user-gui...ation.html Among the things you can do with these functions is prep your data for insert using things like "trim" and "xss_clean". My question is, once you have used trim or xss_clean on your data, what should you actually insert into your table? Do you insert the data from $this->input->post('myfield') or do you insert from $this->validation->myfield? Or could I just insert the $_POST data? Which object actually gets affected by the data prep functions?
[eluser]ontguy[/eluser]
I think it's all of the above. From what I remember seeing in the validation class, the same data ends up in all three: $this->input->post('myfield'), $this->validation->myfield, $_POST['myfield'].
[eluser]jdgiotta[/eluser]
How do you use prepping functions? The user guide is very vague. Do I use them in the view or somewhere else? Usage example would be ideal.
[eluser]Eric Cope[/eluser]
You use them in the controller. Look for "Repopulating the Form". There is a section of code in the controller that demos everything.
[eluser]jdgiotta[/eluser]
Then maybe I'm doing something wrong. Code: //... I enter this into my username input field of the form Code: "> [removed]alert("CAN BE XSSd")[removed] /* Submit, validation fails (obviously), but the repopulation breaks the HTML. I was assuming, based on the function's description, that it would escape the special HTML characters.
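
The repopulation problem described in the last post, as an added example that is not part of the thread and not CodeIgniter's own code: it uses plain PHP only, the helper names are hypothetical, and the sample value is constructed. It shows trimming as the prep step for storage and escaping for the HTML attribute context at the moment the value is written back into the form.

```php
<?php
// Added example: plain PHP, no CodeIgniter calls. Helper names are hypothetical.

// Prep for storage: normalise whitespace only. The stored value stays raw text;
// HTML escaping is applied later, when the value is written into a page.
function prep_for_storage(string $value): string
{
    return trim($value);
}

// Repopulation without escaping: a double quote inside $value ends the
// value="..." attribute early and the remainder is parsed as markup,
// which is how the form's HTML ends up broken.
function render_input_unescaped(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Repopulation with escaping for the attribute context. ENT_QUOTES encodes
// both quote styles; the charset argument must match the page's encoding
// (UTF-8 is an assumption here).
function render_input_escaped(string $name, string $value): string
{
    $safeName  = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeValue = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $safeName . '" value="' . $safeValue . '">';
}

// Constructed sample input: surrounding whitespace, a quote and angle brackets.
$submitted = '  "> <b>CAN BE XSSd</b>  ';
$prepped   = prep_for_storage($submitted);

// The first line shows the attribute closed early by the submitted quote;
// the second keeps the whole value inside the attribute as inert text.
echo render_input_unescaped('username', $prepped), PHP_EOL;
echo render_input_escaped('username', $prepped), PHP_EOL;
```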