Sanitization with form validation

#1
Why can't we use methods like trim() and htmlspecialchars() in form validation rules?

For example:

PHP Code:
'name' => [
    'label' => 'Name',
    'rules' => 'trim|htmlspecialchars|required'
]; 

Is there any easy way that we can sanitize $_POST data at once? 

I know we can do something like htmlspecialchars($request->getPost('name')); 

But it would be nice if there were a way to pass an array like the validation rules and sanitize multiple post vars at once, rather than wrapping each one in PHP native methods.

thanks.

#2
It should work. The user guide says:
Quote:You can also use any native PHP functions that permit up to two parameters, where at least one is required (to pass the field data).

See the note at the end of this page: http://codeigniter.com/user_guide/librar...ation.html
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com

#3
(01-15-2021, 04:23 PM)includebeer Wrote: It should work. The user guide says:
Quote:You can also use any native PHP functions that permit up to two parameters, where at least one is required (to pass the field data).

See the note at the end of this page: http://codeigniter.com/user_guide/librar...ation.html

Unfortunately it does not work, but I don't think it's a bug. I think it's a design choice and I'm ok with it. The validation process shouldn't mess with the data.

But I also think the docs should be more specific about this, since CI3 does support this kind of thing.

#4
(01-13-2021, 02:01 AM)MrWhite Wrote: Why can't we use methods like trim() and htmlspecialchars() in form validation rules?

Validation and sanitization are two different things.

(01-13-2021, 02:01 AM)MrWhite Wrote: Is there any easy way that we can sanitize $_POST data at once? 
As far as I know, there are no such features in the framework. But you can use third party libraries.
Or use Entity class setters
https://codeigniter.com/user_guide/model...ness-logic

Or you can write your own sanitizer and then suggest including it in the core of the framework.

There are many paths. Choose the one that suits you best.


(01-15-2021, 04:23 PM)includebeer Wrote: It should work.

The validation class does not return the data submitted for validation, and it does not receive them by reference.
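To illustrate the "write your own sanitizer" route from the reply above, here is an added example (not code from the thread or from the CodeIgniter project): a stand-alone function that applies a pipe-separated list of native PHP functions to several POST fields at once, using the rule syntax the first post asked for. It assumes a hard-coded allowlist of function names, so user-controlled input can never choose which function is called, and it only transforms data; validation still runs separately.

```php
<?php
// Added example, not part of the thread or the framework.
// Applies pipe-separated native PHP functions to each listed field.
// The allowlist is an assumption of this example: only these names may be
// used as rules, so a rule string never turns into an arbitrary function call.
const SANITIZERS = ['trim', 'htmlspecialchars', 'strip_tags', 'strtolower', 'intval'];

function sanitizePost(array $input, array $rules): array
{
    $clean = [];
    foreach ($rules as $field => $pipeline) {
        // Missing fields become empty strings so every declared key exists.
        $value = $input[$field] ?? '';
        foreach (explode('|', $pipeline) as $fn) {
            $fn = trim($fn);
            if ($fn === '') {
                continue;
            }
            if (!in_array($fn, SANITIZERS, true)) {
                throw new InvalidArgumentException("Unknown sanitizer rule: {$fn}");
            }
            // Functions are applied left to right, like validation rules.
            $value = $fn((string) $value);
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Constructed sample input standing in for $_POST / $request->getPost().
$post = [
    'name'  => '  <b>Mr White</b> ',
    'email' => ' USER@Example.COM ',
];

// Same shape as the 'rules' key in the first post, but only sanitizers.
// Note: htmlspecialchars is normally applied at output time; it is included
// here only because it is the rule the first post asked about.
$rules = [
    'name'  => 'trim|htmlspecialchars',
    'email' => 'trim|strtolower',
];

$clean = sanitizePost($post, $rules);
var_dump($clean);
```

Pair this with the validation library as usual: sanitize first, then pass `$clean` to the validator so the rules see the transformed values.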

#5
(01-15-2021, 07:32 PM)iRedds Wrote:
(01-13-2021, 02:01 AM)MrWhite Wrote: Why can't we use methods like trim() and htmlspecialchars() in form validation rules?

Validation and sanitization are two different things.

(01-13-2021, 02:01 AM)MrWhite Wrote: Is there any easy way that we can sanitize $_POST data at once? 
As far as I know, there are no such features in the framework. But you can use third party libraries.
Or use Entity class setters
https://codeigniter.com/user_guide/model...ness-logic

Or you can write your own sanitizer and then suggest including it in the core of the framework.

There are many paths. Choose the one that suits you best.


(01-15-2021, 04:23 PM)includebeer Wrote: It should work.

The validation class does not return the data submitted for validation, and it does not receive them by reference.


Hey! Thanks for the reply.

BTW, what do you think about this issue? Do you think this is a bug?

If this is a bug, it would be great if you could send a PR.

https://forum.codeigniter.com/thread-78399.html



