Site security
[eluser]richzilla[/eluser]
A security question: what's the best way to prevent users entering HTML into a database? I've been testing my new CodeIgniter app, and I can still enter HTML into my fields. Obviously this isn't an ideal situation; what ways are there around this? Thanks
[eluser]Wuushu[/eluser]
In the form validation, add the parameter "strip_tags". This will filter out html tags.
[eluser]BrianDHall[/eluser]
The form validation classes really make this easier, as so long as you read the manual section on that closely and commit it to memory and give a little extra thought to ratcheting down just what is or isn't supposed to be entered into a form field, you'll be just fine. Form Validation Rule Reference. And of course they take any PHP native function that accepts one parameter - like strip_tags, or htmlentities, or chomp/trim, or sha1/md5, etc.
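The rule string the replies above describe, as an added example that is not part of the thread. It assumes CodeIgniter 2.x or later; the controller, view, table and field names are hypothetical.

```php
<?php
// Added example: hypothetical controller, views, table and field names.
class Comments extends CI_Controller
{
    public function create()
    {
        $this->load->library('form_validation');
        $this->load->database();

        // Rules run left to right, and each rule sees the value produced by
        // the previous one. Native one-parameter PHP functions (trim,
        // strip_tags) rewrite the value; putting strip_tags before required
        // means a submission made only of tags, e.g. "<b></b>", is rejected
        // as empty instead of being stored as a blank row.
        // htmlentities, also named in the thread, could be used in place of
        // strip_tags to encode markup rather than remove it.
        $this->form_validation->set_rules(
            'author', 'Author', 'trim|strip_tags|required|max_length[50]'
        );
        $this->form_validation->set_rules(
            'body', 'Comment', 'trim|strip_tags|required|max_length[2000]'
        );

        if ($this->form_validation->run() === FALSE) {
            // Redisplay the form; validation_errors() in the view lists
            // which rules failed.
            $this->load->view('comment_form');
            return;
        }

        // After a successful run(), the input class returns the values as
        // rewritten by the rules above, not the raw submission.
        $this->db->insert('comments', array(
            'author' => $this->input->post('author'),
            'body'   => $this->input->post('body'),
        ));

        $this->load->view('comment_saved');
    }
}
```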