Escaping user input
The CodeIgniter security class function, xss_clean(), attempts to clean input from the POST or COOKIE data to mitigate techniques that allow code to be injected into a website. For example, it seeks to prevent JavaScript code from being executed if it is included in a blog post submitted by a user, or looks at the data submitted in a text input field and escapes disallowed characters.
Getting ready
You can apply this to any controller you're creating, or if you've extended using MY_Controller, you can add it there if you wish. You can also autoload the security helper by adding it to $autoload['helper'] = array() in the /path/to/codeigniter/application/config/autoload.php file. To be explicitly clear, here ...
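As an added example (not code from the book), here is a minimal CodeIgniter 2 controller that runs a POST field through xss_clean() and then escapes the result when rendering it; the controller name, the comment field and the view name are assumptions:

```php
<?php
// Added example, not from the book. The controller, the 'comment' POST field
// and the 'comment_view' view are assumed names used for illustration.
class Comment extends CI_Controller
{
    public function submit()
    {
        // The Security class is a core class in CodeIgniter 2, so
        // $this->security is available without loading it explicitly.
        $raw = $this->input->post('comment');

        // Option 1: filter explicitly with the Security class.
        $filtered = $this->security->xss_clean($raw);

        // Option 2 (equivalent): pass TRUE as the second argument and the
        // Input class calls xss_clean() for you.
        // $filtered = $this->input->post('comment', TRUE);

        // Option 3: set $config['global_xss_filtering'] = TRUE; in
        // application/config/config.php to filter all GET/POST/COOKIE data.

        // xss_clean() is a best-effort input filter, not an output encoder.
        // Escape again at render time so that any residual markup is shown
        // as text rather than interpreted by the browser.
        $data['comment'] = htmlspecialchars($filtered, ENT_QUOTES, 'UTF-8');

        $this->load->view('comment_view', $data);
    }
}
```

Filtering on input and escaping on output are complementary: the first limits what gets stored, the second guarantees what the browser sees is treated as text.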