Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion What validation rules do you use by default?
What validation rules do you use by default?
  • El Forum
    Guest
  •  
#1
07-08-2008, 03:11 AM

[eluser]gon[/eluser]
Hi,

I've been using xss_clean whn validating all fields in my apps.
Is it worth using xss_clean always, or just when showing that data to the user, or inserting data into DB?

What validation rules do you use by default, if you do?

Cheers.
  • El Forum
    Guest
  •  
#2
07-08-2008, 07:03 AM

[eluser]Pascal Kriete[/eluser]
Any type of pruning function should be done when inserting. xss_clean can be computationally expensive - and users are much more forgiving to slow load times if they just submitted a form. Inserts also tend to happen less frequently.

I usually just set the global xss_clean flag to true. The other validation rules depend on the situation, the only one that is always there is trim.
  • El Forum
    Guest
  •  
#3
07-08-2008, 09:09 AM

[eluser]Chicken's Egg[/eluser]
Trim and xss_clean are the ones I use the most (nearly always). The others when needed.
  • El Forum
    Guest
  •  
#4
07-08-2008, 03:03 PM

[eluser]onejaguar[/eluser]
Be careful using xss_clean on everything; for instance it can cause problems with people's passwords, see:

http://ellislab.com/forums/viewthread/80858/

At the bottom of the thread you can also read my feelings on xss_clean being overzealous and unnecessary when using other simpler forms of validations (e.g. ctype_digit) or more complex ones like html validation.




Theme © iAndrew 2016 - Forum software by © MyBB