[eluser]boltsabre[/eluser]
Depends on how you have the rest of your application and database set up.
I personally have it, when a checkbox can change a DB column state (ie, if it's checked, set the column to 1, else set it to 0), something like this:
Code:
if(isset($this->input->post('myCheckbox')){
$checkbox_value = 1;
// trace ip stuff here if you want to
if($this->input->post('myCheckbox') !== 1{
...
}
}else{
$checkbox_value = 0;
}
That way if someone malicious tries to inject some code, or is just playing round with $_POST data it doesn't matter what they try to pass, it just gets set to 1 (this also allows you to trace the IP and potentially block that IP address if you need/want to to.)
If you are not interested in tracing IPs and other stuff, just use native CI validation rules, this should do the trick for a checkbox, but you wont be able to trace the IP of a potential hacker as the form wont pass validation unless it has the correct value:
trim|max_length[1]|is_natural
I think, you'd have to check if 'is_natural' fails if the checkbox is unchecked.
But yes, you should definitely be doing more than just trim!!!