Are there any good practices on how and when to use $this->input->xss_clean()? I'm developing a web-based inventory system right now. Any suggestions would be appreciated. Thanks.

Most of the time you can run this on form validation. When you create a form, use the form validation library and set rules on the fields like this:
$this->form_validation->set_rules('field_name', 'field name', 'required|trim|xss_clean');

   $this->input->post('field_name'); // After validation runs, this value has already been passed through xss_clean

You basically shouldn't trust user input. CI will strip any naughty stuff for you.

I'm using Smarty to manage my templates, and when I declare user inputs, I place them in the .tpl file. How can I implement the form library in Smarty?

Form validation is something you should do in your controller, after a form is posted. It is not relevant which template engine has generated the form.

Can you give me some tips on preventing SQL injection, and on the proper way of saving information to the database?

You can enable xss_clean by default by setting 'global_xss_filtering' to true. If you don't want to do that use @pickupman's suggestion to clean on a field by field basis.

If you use CI's active record library, all data going into the database is escaped automatically.

And you can clean up data after it gets sent in by setting the second argument of $this->input->post() to TRUE.

e.g.

if ($this->form_validation->run()) {
    // Second argument TRUE runs the posted value through xss_clean before returning it
    $username = $this->input->post('username', TRUE);
}
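To show how the pieces in this answer fit together, here is an added example controller method (not code from the thread or from CodeIgniter itself) that uses validation rules with xss_clean, $this->input->post() with TRUE, and Active Record / query bindings for the database. It assumes CodeIgniter 2.x, a table named items with columns name and quantity, and views named inventory/add_form and inventory/added.

```php
<?php
// Added example: a CodeIgniter 2.x controller tying together the advice above.
// Assumed names: table `items` (name, quantity), views inventory/add_form and inventory/added.
class Inventory extends CI_Controller
{
    public function add()
    {
        $this->load->library('form_validation');
        $this->load->database();

        // xss_clean runs as a validation rule; trim strips surrounding whitespace.
        $this->form_validation->set_rules('name', 'Item name', 'required|trim|xss_clean');
        $this->form_validation->set_rules('quantity', 'Quantity', 'required|integer');

        if ($this->form_validation->run() === FALSE) {
            // Validation failed: show the form again with the error messages.
            $this->load->view('inventory/add_form');
            return;
        }

        // Second argument TRUE applies xss_clean to the fetched value as well.
        $name     = $this->input->post('name', TRUE);
        $quantity = (int) $this->input->post('quantity', TRUE);

        // Active Record escapes every value, so user input never reaches the SQL
        // text unescaped. xss_clean is not an SQL injection defence; escaping is.
        $this->db->insert('items', array('name' => $name, 'quantity' => $quantity));

        // When raw SQL is needed, query bindings escape each '?' value for you.
        // Do not build the query by string concatenation ("... WHERE name = '$name'").
        $row = $this->db->query('SELECT * FROM items WHERE name = ?', array($name))->row();

        // Escape again when echoing stored data into HTML: input filtering with
        // xss_clean does not replace output escaping in the view.
        $data['item'] = array(
            'name'     => htmlspecialchars($row->name, ENT_QUOTES, 'UTF-8'),
            'quantity' => $row->quantity,
        );
        $this->load->view('inventory/added', $data);
    }
}
```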

