• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
String passed to callback function sanitized?

I use callback functions in my form validation code to check the database for valid values for a field. Is it right to assume that the value in the field passed to the call back function is not sanitized? If I have xss enabled in my config, do I have to use $this->input->post('str') in my callback function if I want the data cleaned? Is it enough to protect the values being sent to my callback function by using validation rules such as alpha, or alpha_dash, etc?

It depends on what you're doing with the value in your callback.

- If you have XSS clean enabled globally in your config, fields will always be sanitized when calling them through $this->input->post().
- Unless you need to access another field, you don't need $this->input->post() in your callback. The value will automatically be passed as the first parameter of your callback method.
- The rules you specify for a field are run in that order. If you put xss_clean before your callback, it will be cleaned prior to your callback receiving it. Third, you can always run xss_clean on an individual POST element whenever you want by doing:

$this->input->post('item', true); // Note the TRUE

Maybe explain what you're doing in your callback to get advice specific for your situation.

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.