how sanitize input codeigniter 3?
First of all I should remind you that I have read this post and few other posts about my question but most of all are almost old and they are for about 3 years ago.
Now I'm using CodeIgniter 3 and I want to know what's the best sanitize filter for my data which I'm retrieving them from users before insert into database.
This is for my website to register and and I don't know what kind of user is registering and I can't trust them. And it is possible that it will be dangerous I want to sanitize all input before inserting it into database I don't know input class enough for sanitizing it ?
Please tell me the codeigniter sanitizing functions !
I have read security classs in codeigniter document, but I want to be sure.
Answer
According to the Docs, the input class, does the following:
- Filters the GET/POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.
- Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.
- and some other processing, but for security, this is enough.
So, this solves the issue of SQL injection and XSS. For most usages, this is enough.
To enable XSS protection, use:
$val = $this->input->post('some_data', TRUE); // last param enables XSS protection.
Also, you may want to look into CSRF protection. But that's a bit tricky to enable if you're doing ajax calls.