Escaping user input

The CodeIgniter Security class method xss_clean() attempts to filter a string of user-supplied data (typically POST or COOKIE values) to mitigate techniques that inject code into a website. For example, it tries to neutralise JavaScript embedded in a blog post submitted by a user, and it strips or rewrites disallowed constructs in the data submitted through a text input field. Note that it is a filter, not an encoder: it removes known script vectors but does not HTML-encode the remaining text, so values should still be escaped (for example with html_escape() or htmlspecialchars()) at the point where they are written into a page. It is also comparatively expensive, so apply it to data on submission rather than to every value on every request.

Getting ready

You can apply this in any controller you're creating, or, if you've extended CI_Controller with MY_Controller, you can add it there so that every controller inherits it. You can also autoload the security helper (which provides a plain xss_clean() function wrapping the Security class method) by adding 'security' to $autoload['helper'] = array() in the /path/to/codeigniter/application/config/autoload.php file. To be explicitly clear, here ...
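The following controller is an added example, not code from the CodeIgniter 2 Cookbook. It shows both ways of reaching xss_clean() from a controller (the TRUE flag on $this->input->post() and the Security class called directly on a cookie value) and then escapes the filtered values again on output. The controller name, the form field names and the 'comment_preview' view are hypothetical; the example assumes a CodeIgniter 2.1 or later install, since html_escape() was added in 2.1.

```php
<?php
// Added example (not from the CodeIgniter 2 Cookbook). Hypothetical controller,
// field names and view; assumes CodeIgniter 2.1+ so that html_escape() exists.
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Comments extends CI_Controller {

    public function __construct()
    {
        parent::__construct();
        // The security helper exposes a plain xss_clean() function that wraps
        // $this->security->xss_clean(); loading it here is equivalent to
        // autoloading it in config/autoload.php.
        $this->load->helper(array('form', 'security'));
    }

    public function preview()
    {
        // Option 1: pass TRUE as the second argument so the Input class runs
        // xss_clean() on the value as it is read. Returns FALSE if the field
        // was not submitted, so guard against that before using it as a string.
        $author = $this->input->post('author', TRUE);
        if ($author === FALSE)
        {
            $author = '';
        }

        // Option 2: call the Security class directly on any string. This is
        // the same method the Input class uses internally, and it works just
        // as well on cookie data as on POST data.
        $body  = $this->security->xss_clean((string) $this->input->post('body'));
        $theme = $this->security->xss_clean((string) $this->input->cookie('theme'));

        // xss_clean() removes or neutralises script vectors (script tags,
        // javascript: URLs, on* event handlers and so on); it does not encode
        // ordinary < > " ' & characters. Escape again at output so anything
        // that survived the filter is rendered literally in the HTML.
        $data = array(
            'author' => html_escape($author),
            'body'   => html_escape($body),
            'theme'  => html_escape($theme),
        );

        $this->load->view('comment_preview', $data);
    }
}
```

Filtering on submission and escaping on output are separate steps: the first reduces what an attacker can get into the database, the second makes sure that whatever is there cannot execute when it is rendered. Relying on xss_clean() alone leaves the second step undone.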