el_pup_le
Reputation: 12189
Is codeigniter's url encoding here necessary?
I'm passing a string from one page to another, is the url encoding necessary here?
Like so:
<?=anchor('foo/bar/'.$id.'/'.$title, 'All')?>
function bar($id, $title) {
$data['id'] = $id;
$data['title'] = $title;
$this->load->view('some_view', $data);
}
As you can see these variables have no interaction with a database. What is the best way to decode these variables?
Upvotes: 0
Views: 626
Answers (1)
Joe
Reputation: 15812
Yes - what if one person gives someone else a link to site.com/foo/bar/3/<script...? (Answer: it'll probably be caught by some other part of CI doing the escaping for you, but still :P)
Always escape all user input, even if you don't think it matters, because you can't be certain.
Upvotes: 2
Related Questions
- How to encode/decode url in codeigniter
- Is there a way to encode CodeIgniter url?
- CodeIgniter - URI Disallowed Characters
- How do you allow URI encoded characters in CodeIgniter URLs?
- CodeIgniter urlencode/decode
- CodeIgniter URL security
- CodeIgniter: urlencoded URL in URI segment does not work
- Having special characters in URLs in CodeIgniter
- Codeigniter: UTF-8 in the URL bug
- Codeigniter URI routing variable encoding