Form validation

#1
Hello,

I'm doing a form validation in CodeIgniter like the following:
$this->form_validation->set_rules('first_name', 'First Name', 'trim|xss_clean|required');

If I insert the word "<script>" in my field, the xss_clean is removing the word "<script>" and the field becomes empty, so the required validation is bypassed, the empty entry is accepted, and it can be inserted in my database.

Could you please help me with this.
Thanks

#2
Apply xss_clean() on output, not before you store it.

#3
(03-06-2017, 10:43 AM)Narf Wrote: Apply xss_clean() on output, not before you store it.

Hi Narf, thanks for replying. I just want to make sure I understand correctly. Here is the situation:
If I do it this way
$this->form_validation->set_rules('first_name', 'First Name', 'required');

if someone puts <script>, required will be OK;
then if I apply the xss clean after that, or let's say I move the post data to a variable and apply xss clean on it,
the variable will become empty since xss clean will remove the <script>, and required will never detect it again.
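Putting the "validate first, store as entered, escape on output" ordering from this thread into a controller, as an added example that is not from the thread or from CodeIgniter's own code. It assumes CodeIgniter 3 with the database library autoloaded, a `users` table with `id` and `first_name` columns, and views `users/create` and `users/show`; all names are illustrative.

```php
<?php
// Added example, not the forum poster's or CodeIgniter's code.
// Assumes CI3, database autoloaded, a 'users' table and two views (illustrative names).
class Users extends CI_Controller
{
    public function create()
    {
        $this->load->library('form_validation');
        $this->load->helper('url');

        // Validate the raw submitted value. No xss_clean in the rule chain, so a
        // value such as "<script>" is still non-empty here and 'required' only
        // fails when the user actually submitted nothing.
        $this->form_validation->set_rules(
            'first_name', 'First Name', 'trim|required|max_length[50]'
        );

        if ($this->form_validation->run() === FALSE) {
            $this->load->view('users/create');
            return;
        }

        // Store the value as entered. Query Builder escapes it for SQL, which is
        // a separate concern from HTML output encoding.
        $this->db->insert('users', array(
            'first_name' => $this->input->post('first_name'),
        ));

        redirect('users/show/' . $this->db->insert_id());
    }

    public function show($id)
    {
        $row = $this->db->get_where('users', array('id' => (int) $id))->row();
        if ($row === NULL) {
            show_404();
        }

        // Escape at output time, where the context (HTML body) is known, so a
        // stored "<script>" is rendered as text instead of being executed.
        $this->load->view('users/show', array(
            'first_name' => html_escape($row->first_name),
        ));
    }
}
```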

