$this->input->xss_clean()
#1

[eluser]ganjasensation00[/eluser]
Are there any good practices on how and when to use $this->input->xss_clean()? I'm developing a web-based inventory system right now. Any suggestions would be appreciated. Thanks.
#2

[eluser]pickupman[/eluser]
Most of the time you can run this on form validation. When you create form, use the form validation library. When creating fields like:
Code:
$this->form_validation->set_rules('field_name', 'field name', 'required|trim|xss_clean');

if ($this->form_validation->run())
{
    // Validation passed, so this value has already been run through xss_clean
    $field_name = $this->input->post('field_name');
}

You basically shouldn't trust user input. CI will strip any naughty stuff for you.
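As an added illustration (not code from this thread and not CodeIgniter code), the following Python script contrasts what an input-side filter can and cannot do. `naive_strip_tags` is a hypothetical, deliberately simplistic tag stripper standing in for any blacklist-style cleaner; it is not CodeIgniter's xss_clean. The payload is constructed for the demonstration. What it shows is that a value carrying no tags at all still injects an event handler when it is placed inside an HTML attribute without escaping, so escaping at output time, in the template, is the check to keep regardless of what was done to the input.

```python
import html
import re

# Constructed sample payload: no angle brackets at all, so a tag-based
# filter has nothing to remove, yet it closes the value="" attribute and
# adds an event handler when dropped into HTML unescaped.
ATTRIBUTE_PAYLOAD = '" autofocus onfocus="alert(1)'


def naive_strip_tags(value: str) -> str:
    """Hypothetical blacklist-style input cleaner (NOT CodeIgniter's xss_clean).

    It removes anything that looks like an HTML tag and nothing else.
    """
    return re.sub(r"<[^>]*>", "", value)


def render_unescaped(item_name: str) -> str:
    """Template that trusts its input: the classic attribute-context XSS."""
    return '<input name="item" value="%s">' % item_name


def render_escaped(item_name: str) -> str:
    """Same template with context-aware output escaping.

    quote=True escapes both kinds of quote, which is what an attribute
    value needs; the payload can no longer terminate the attribute.
    """
    return '<input name="item" value="%s">' % html.escape(item_name, quote=True)


def raw_quote_count(fragment: str) -> int:
    """Number of literal double quotes in a rendered fragment.

    One <input> with two quoted attributes has exactly 4; anything more
    means user data broke out of an attribute.
    """
    return fragment.count('"')


if __name__ == "__main__":
    cleaned = naive_strip_tags(ATTRIBUTE_PAYLOAD)
    print("after naive filter :", cleaned)               # unchanged
    print("unescaped render   :", render_unescaped(cleaned))
    print("escaped render     :", render_escaped(cleaned))
```

The tag stripper does remove an obvious `<script>` element, which is why this class of filter feels sufficient; the attribute payload slips through untouched because the dangerous characters are the quote and the `=`, not `<`. Escaping per output context (here HTML attribute) neutralizes it without needing to know the payload in advance.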
#3

[eluser]ganjasensation00[/eluser]
I'm using Smarty in managing my templates. And when I declare user inputs, I place it in the .tpl file. How can I implement the library form in Smarty?
#4

[eluser]WanWizard[/eluser]
Form validation is something you should do in your controller, after a form is posted. It is not relevant which template engine has generated the form.
#5

[eluser]ganjasensation00[/eluser]
Can you give me some tips on preventing SQL injection, and on the proper saving of information to the database?
#6

[eluser]WanWizard[/eluser]
You can enable xss_clean by default by setting 'global_xss_filtering' to true. If you don't want to do that use @pickupman's suggestion to clean on a field by field basis.

If you use CI's active record library, all data going into the database is escaped automatically.
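As an added example that is not part of this thread and does not use CodeIgniter, this Python script shows the mechanism behind the "escaped automatically" point from the two posts above: a query assembled by string formatting next to a parameterized query, run against an in-memory SQLite table. The table, the inventory rows and the probe values are all constructed for the demonstration; the behaviour is the same with any driver that binds parameters.

```python
import sqlite3

# Constructed inventory rows for the demonstration.
SEED_ROWS = [("bolt", 100), ("nut", 250), ("washer", 75)]


def make_db() -> sqlite3.Connection:
    """Fresh in-memory table so the script runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT NOT NULL, qty INTEGER NOT NULL)"
    )
    conn.executemany("INSERT INTO items (name, qty) VALUES (?, ?)", SEED_ROWS)
    conn.commit()
    return conn


def find_by_name_unsafe(conn, name):
    """Query text built from user input: the input becomes part of the SQL."""
    sql = "SELECT name, qty FROM items WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_by_name_safe(conn, name):
    """Parameterized query: the driver passes the value separately from the
    statement, so it is only ever compared as data, never parsed as SQL."""
    return conn.execute("SELECT name, qty FROM items WHERE name = ?", (name,)).fetchall()


def save_item_unsafe(conn, name, qty):
    """Returns True if the row was stored, False if the input broke the statement.

    A quote inside the name either breaks the SQL (as here) or, with a
    crafted value, rewrites it; both are the same defect."""
    sql = "INSERT INTO items (name, qty) VALUES ('%s', %d)" % (name, qty)
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.OperationalError:
        conn.rollback()
        return False


def save_item_safe(conn, name, qty):
    """Stores the row with bound parameters and returns the name as read back."""
    cur = conn.execute("INSERT INTO items (name, qty) VALUES (?, ?)", (name, qty))
    conn.commit()
    row = conn.execute("SELECT name FROM items WHERE id = ?", (cur.lastrowid,)).fetchone()
    return row[0]


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"
    print("unsafe lookup:", find_by_name_unsafe(conn, probe))    # every row
    print("safe lookup  :", find_by_name_safe(conn, probe))      # []
    awkward = "3/4\" O'Ring"
    print("unsafe save  :", save_item_unsafe(conn, awkward, 10))  # False
    print("safe save    :", save_item_safe(conn, awkward, 10))    # stored verbatim
```

Two things to take from it: the lookup probe turns a single-row query into a full table dump, which is the injection case, and the perfectly legitimate part name with a quote in it breaks the hand-built INSERT while the bound-parameter INSERT stores it unchanged. Escaping or binding at the database layer solves both; xss_clean is an HTML concern and does not replace it.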
#7

[eluser]happydude[/eluser]
And you can clean up data after it gets sent in by setting the second argument of $this->input->post() to TRUE.

e.g.
Code:
if ($this->form_validation->run())
{
    // Passing TRUE as the second argument runs the value through xss_clean
    $username = $this->input->post('username', TRUE);
}