Welcome Guest, Not a member yet? Register   Sign In
Site security
#1

[eluser]richzilla[/eluser]
A security question, whats the best way to prevent users entering html into a database. Ive been testing my new codeigniter app, and i can still enter html into my fields. Obviously this isnt an ideal situation, what ways is there around this?

thanks
#2

[eluser]Wuushu[/eluser]
In the form validation, add the parameter "strip_tags". This will filter out html tags.
#3

[eluser]BrianDHall[/eluser]
The form validation classes really make this easier, as so long as you read the manual section on that closely and commit it to memory and give a little extra thought to ratcheting down just what is or isn't supposed to be entered into a form field, you'll be just fine.

Form Validation Rule Reference

And of course they take any PHP native function that accepts one parameter - like strip_tags, or htmlentities, or chomp/trim, or sha1/md5, etc.




Theme © iAndrew 2016 - Forum software by © MyBB