Create account



CodeIgniter.com Twitter      


  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
Sanitization with form validation

Offline MrWhite
Junior Member
**
Posts: 17
Threads: 6
Joined: Sep 2020
Reputation: 0
#1
01-13-2021, 02:01 AM
Why we cant use trim(), htmlspecialchars() like methods in form validation rules?

for example......

PHP Code:
'name' => [
    'label' => 'Name',
    'rules' => 'trim|htmlspecialchars|required'
]; 

Is there any easy way that we can sanitize $_POST data at once? 

I know we can do something like htmlspecialchars($request->getPost('name')); 

But its nice if there any way that can pass a array like validation rules and sanitize multiple post vars at once. than wrapping with php native methods.

thanks.
Find
Reply

Offline includebeer
Super Moderator
******
Posts: 644
Threads: 14
Joined: Oct 2014
Reputation: 24
#2
01-15-2021, 04:23 PM
It should work. The user guide says:
Quote:You can also use any native PHP functions that permit up to two parameters, where at least one is required (to pass the field data).

See the note at the end of this page: http://codeigniter.com/user_guide/librar...ation.html
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
Website Find
Reply

Offline MrWhite
Junior Member
**
Posts: 17
Threads: 6
Joined: Sep 2020
Reputation: 0
#3
01-15-2021, 07:02 PM
(01-15-2021, 04:23 PM)includebeer Wrote: It should work. The user guide says:
Quote:You can also use any native PHP functions that permit up to two parameters, where at least one is required (to pass the field data).

See the note at the end of this page: http://codeigniter.com/user_guide/librar...ation.html

Unfortunately its not work. but I dont think its a bug. I think its a design choice and I'm ok with it. Validation process shouldn't mess with the data.

But I also think docs should be more specific about this since ci3 does support for this kind of thing.
Find
Reply

Offline iRedds
Junior Member
**
Posts: 45
Threads: 1
Joined: Apr 2019
Reputation: 0
#4
01-15-2021, 07:32 PM
(01-13-2021, 02:01 AM)MrWhite Wrote: Why we cant use trim(), htmlspecialchars() like methods in form validation rules?

Validation and sanitization are two different things.

(01-13-2021, 02:01 AM)MrWhite Wrote: Is there any easy way that we can sanitize $_POST data at once? 
As far as I know, there are no such features in the framework. But you can use third party libraries.
Or use Entity class setters
https://codeigniter.com/user_guide/model...ness-logic

Or you can write your sanitizer and then suggest include it in the core of the framework.

There are many paths. Choose the one that suits you best.


(01-15-2021, 04:23 PM)includebeer Wrote: It should work.

The validation class does not return data submitted for validation. And he does not receive them by reference.
Find
Reply

Offline MrWhite
Junior Member
**
Posts: 17
Threads: 6
Joined: Sep 2020
Reputation: 0
#5
01-15-2021, 10:14 PM
(01-15-2021, 07:32 PM)iRedds Wrote:
(01-13-2021, 02:01 AM)MrWhite Wrote: Why we cant use trim(), htmlspecialchars() like methods in form validation rules?

Validation and sanitization are two different things.

(01-13-2021, 02:01 AM)MrWhite Wrote: Is there any easy way that we can sanitize $_POST data at once? 
As far as I know, there are no such features in the framework. But you can use third party libraries.
Or use Entity class setters
https://codeigniter.com/user_guide/model...ness-logic

Or you can write your sanitizer and then suggest include it in the core of the framework.

There are many paths. Choose the one that suits you best.


(01-15-2021, 04:23 PM)includebeer Wrote: It should work.

The validation class does not return data submitted for validation. And he does not receive them by reference.


Hey! thanks for the reply.

BTW what do u think about this issue? Do u think this a bug? 

If this is a bug, its great if u can send a PR.

https://forum.codeigniter.com/thread-78399.html
Find
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.