Form Validation / prepping for insert

#1
[eluser]paynterc[/eluser]
I have a question about form validation in CI.

There is a nice set of form validation functions here:
http://ellislab.com/codeigniter/user-gui...ation.html

Among the things you can do with these functions is prep your data for insert using things like "trim" and "xss_clean".

My question is, once you have used trim or xss_clean on your data, what should you actually insert into your table? Do you insert the data from $this->input->post('myfield') or do you insert from $this->validation->myfield? Or could I just insert the $_POST data? Which object actually gets affected by the data prep functions?

#2
[eluser]ontguy[/eluser]
I think it's all the above. From what I remember seeing in the validation class, the same data ends up in all three: $this->input->post('myfield'), $this->validation->myfield, $_POST['myfield'].

#3
[eluser]jdgiotta[/eluser]
How do you use prepping functions?
The user guide is very vague. Do I use them in the view or somewhere else? Usage example would be ideal.

#4
[eluser]Eric Cope[/eluser]
You use them in the controller. Look for "Repopulating the Form". There is a section of code in the controller that demos everything.

#5
[eluser]jdgiotta[/eluser]
Then maybe I'm doing something wrong.
Code:
//...
$rules['username']    = "required|prep_for_form";
//...

I enter this into my username input field of the form
Code:
"> [removed]alert("CAN BE XSSd")[removed] /*

Submit, validation fails (obviously), but the repopulation breaks the HTML. I was assuming, based on the function's description, that it would escape the special HTML characters.
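
The repopulation problem described in post #5, as an added example that is not part of the original thread: plain PHP with no CodeIgniter calls, comparing a field repopulated with the raw submitted value against one encoded with htmlspecialchars() at output time. The helper names (render_raw, render_escaped, inspect) and the DOM check are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, no CodeIgniter API. All helper names are hypothetical.

// Repopulate the field with the raw submitted value (the behaviour reported in post #5).
function render_raw(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Repopulate with the value encoded for an HTML attribute context at output time.
function render_escaped(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;   // encode both quote styles, replace invalid UTF-8
    return '<input type="text" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

// Parse the markup and report what ends up in the DOM.
function inspect(string $html): array
{
    libxml_use_internal_errors(true);       // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML('<form>' . $html . '</form>');
    libxml_clear_errors();
    $form  = $doc->getElementsByTagName('form')->item(0);
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'value' => $input->getAttribute('value'),
        'stray' => trim($form->textContent),  // text that left the value attribute
    ];
}

// The string from post #5, exactly as it appears on the page.
$submitted = '"> [removed]alert("CAN BE XSSd")[removed] /*';

$cases = [
    'raw'     => render_raw('username', $submitted),
    'escaped' => render_escaped('username', $submitted),
];

foreach ($cases as $label => $html) {
    $r = inspect($html);
    printf("%-8s value=%s stray=%s round_trip=%s\n",
        $label,
        var_export($r['value'], true),
        var_export($r['stray'], true),
        $r['value'] === $submitted ? 'yes' : 'no');
}
```

In the raw case the leading `">` closes the value attribute and the rest of the input lands in the page as text; in the escaped case the whole string stays inside the attribute and reads back unchanged.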

