syyu

Reputation: 407

Does CodeIgniter validation class prevent SQL injection?

Since I am validating my post data before inserting into the database, I assume it is safe from unwanted SQL injection. Or is it still vulnerable to attack? Do I need further steps to clean up the data?

These are the steps I took to insert data from user:

$this->form_validation->set_rules('location', 'location', 'trim|xss_clean');
After Pass Validation: $this->input->post('location')
Then Save into DB: $this->db->insert('user', $data);

I also use the CI xss_clean and ACL libs. Question: is it a safe practice?

Upvotes: 0

Views: 683

Answers (2)

cartalot

Reputation: 3148

You can also enable CodeIgniter XSS filtering per form field by adding TRUE:

$this->input->post('location', TRUE);

Upvotes: 0

ajtamwojtek

Reputation: 763

Yep, CI validates your app, but you have to enable it in config.

application/config/config.php line 350:

/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = FALSE;

If you set this var to TRUE, all GET, POST and cookie data will be filtered.

If you have enabled this option, you don't have to use:

**xss_clean**

in:

$this->form_validation->set_rules('location', 'location', 'trim|xss_clean');

Upvotes: 1
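The question asks about SQL injection, while both answers describe XSS filtering, which is a different control. The following added example (not code from the question, the answers, or the CodeIgniter project) illustrates the distinction in plain PHP with PDO and an in-memory SQLite database so it runs without CodeIgniter. The `xssStyleFilter()` function is a constructed stand-in for an xss_clean-style filter, not CI's implementation; the point it makes is that such a filter leaves a single quote in the data, so the data still has to be passed to the database through an escaping or binding mechanism (CodeIgniter's `$this->db->insert()` and `$this->db->query($sql, $bindings)` do this for you).

```php
<?php
// Added example: an XSS filter and SQL escaping solve different problems.
// Plain PHP + PDO/SQLite so it runs stand-alone. xssStyleFilter() is a
// constructed stand-in for an xss_clean-style filter, not CI's own code.

// Strips tags and javascript: URIs, the kind of thing an XSS filter targets.
// It deliberately does not touch SQL metacharacters such as the single quote.
function xssStyleFilter(string $value): string {
    $value = strip_tags($value);
    return preg_replace('/javascript\s*:/i', '', $value);
}

function demo(): array {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, location TEXT)');

    // Constructed sample input: the XSS filter removes the tags, but the
    // apostrophe in the name survives because it is ordinary, legitimate data.
    $location = "O'Reilly <b>Hall</b>";
    $filtered = xssStyleFilter($location);   // "O'Reilly Hall"

    // Unsafe pattern: string concatenation. The surviving quote changes the
    // structure of the SQL statement, so the insert fails with a syntax error.
    $concatFailed = false;
    try {
        $pdo->exec("INSERT INTO user (location) VALUES ('$filtered')");
    } catch (PDOException $e) {
        $concatFailed = true;
    }

    // Safe pattern: a prepared statement keeps the data separate from the SQL
    // text. CodeIgniter's $this->db->insert() and query bindings escape values
    // for you in the same spirit.
    $stmt = $pdo->prepare('INSERT INTO user (location) VALUES (?)');
    $stmt->execute([$filtered]);
    $stored = $pdo->query('SELECT location FROM user')->fetchColumn();

    return [
        'filtered'      => $filtered,      // "O'Reilly Hall"
        'concat_failed' => $concatFailed,  // true
        'stored'        => $stored,        // "O'Reilly Hall", stored intact
    ];
}

print_r(demo());
```

Run it with `php example.php` (requires the pdo_sqlite extension). The takeaway for the original question: keep xss_clean for output-oriented XSS concerns, but rely on the Query Builder or query bindings, never on the XSS filter, to keep user data out of the SQL structure.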
