First, I should remind you that I've read this post and a few others about my problem, but the bottom line is that they're pretty much about 3 years ago.

Now I'm using CodeIgniter 3 and I'm wondering what is the best clean filter for my data, I retrieve them from the user before inserting into the database.

This is my website registration, I don't know what kind of user registration, I can't trust them. And it is possible to sanitize all the input before inserting the data into the database is dangerous I don't know if the input class is enough to sanitize it?
Please tell me about codeigniter sanitizing function!

I've read about security classes in the codeigniter documentation, but I want to be sure.

Solution:

According to the Docs, enter the class, do the following:

Filters GET/POST/COOKIE array keys, allowing only alphanumeric (and some other) characters.
Provides XSS (Cross Site Scripting Hacking) filtering. This can be enabled globally or on request.
And some other processing, But to be on the safe side, this is enough.

So this solves the problem of SQL injection and XSS. For most uses, this is enough.

To enable XSS protection use:

$val = $this->input->post('some_data', TRUE); // last param enables XSS protection.

Also, you might want to know about CSRF protection. But if you're doing ajax calls, it's a bit tricky to enable.

Bias: Try starting new projects in real frameworks like Zend, Laravel, etc. By default you have more control over filtering and security.

php - how to sanitize input codeigniter 3? Related posts

  1. JavaScript based X/HTML and CSS sanitization

    Before everyone tells me that client-side cleanup shouldn't be done (I do intend to do it on the client-side, although it works in SSJS as well), let me clarify what I'm trying to do.I want something, similar to Google Caja or HTMLPurifier but for JavaScript: a safe whitelist-based approach that han ...

  2. PHP: Does using _GET data require some form of sanitization?

    That is, for regular use in my PHP code. Not like I'm passing to my query or anything.Solution:If you pass them to an SQL query you get SQL injection > If you use them to form filenames you get an arbitrary file read vulnerability > If you output them as-is as part of an HTML page you get XSS ...

  3. java – OWASP html sanitizer – why does it cover certain entities?

    I am a new user of Owasp, which is an HTML cleaner, and found that with any strategy I use, it transfers some entities back to characters.For example, this string:@ test!Becomes this:@ test!I want to leave entities"as is"as much as possible. I can even understand whether it escapes them, rather than ...

  4. python - Has the request data been sanitized by Flask?

    Should data from users (like cookie values, variable parts in paths, query parameters) be considered insecure and handled in a specific way? Does Flask already sanitize escaped input data, so it is safe to pass it to the function test(input_data)?Solution:Flask doesn't need to request data other tha ...

  5. PHP function for sanitizing input values

    I use this: function safeClean($n) { $n = trim($n); if(get_magic_quotes_gpc()) { $n = stripslashes($n); } $n = mysql_escape_string($n); $n = htmlentities($n); return $n; } Prevent any kind of MySQL injection or similar things. Whenever I use it to wrap $_POST: $username = safeClean($_P ...

  6. php-Am I using FILTER_VALIDATE_INT FILTER_SANITIZE_NUMBER_INT correctly?

    Try to verify and then clean up the $_GET request. I just want to see if I am missing something.this is mine……if (isset($_GET['id'])) {$id = filter_input(INPUT_GET,'id', FILTER_VALIDATE_INT); if (!$id) {echo'Error'; exit();} $id = filter_input( INPUT_GET,'id', FILTER_SANITIZE_NUMBER_INT); $getinfo = ...

  7. HTML Sanitizer API

    Three cheers for (draft stage) progress on a Sanitizer API! It’s gospel that you can’t trust user input. And indeed, any app I’ve ever worked on has dealt with bad actors trying to slip in and execute nefarious code somewhere it shouldn’t. It’s the web developer’s ...

  8. PHP - clean input, but output is not as expected

    Here is one of my forms (PHP MySQL, textarea replaced by TinyMCE). It records descriptions with paragraphs, bullets, headings and text alignment (right, left, center and alignment).After submitting, the record appears asIntroductionThe death of the pixel leaves you with a flowing, magazine-quality c ...

  9. How to Design Secure Web Forms: Validate, Sanitize, and Control

    While cybersecurity is often thought of in terms of databases and architecture, much of a strong security posture relies on elements in the domain of the front-end developer. For certain potentially devastating vulnerabilities like SQL injection and Cross-Site Scripting (XSS), a well-considered user ...

  10. php - user input, sanitize and sanitize

    I've searched a lot of questions here and I found them either very old or suggesting a prepared statement PDO which I don't use. So I need your help.I have a small discussion/chat box where users submit messages using <textarea>.What I need is to sanitize and filter user input so it only accep ...

  11. php – FILTER_SANITIZE vs FILTER VALIDATE, what’s the difference – and which ones to use?

    Currently I'm making a calculator-like application in PHP using a form as an input method. To protect the input I'm using the filter_input() function. As a filter, this function selects an element from two groups: FILTER_SANITIZE and FILTER_VALIDATE, and I should Which one to use to filter input fro ...

  12. php - how to sanitize input codeigniter 3?

    First, I should remind you that I've read this post and a few others about my problem, but the bottom line is that they're pretty much about 3 years ago.Now I'm using CodeIgniter 3 and I'm wondering what is the best clean filter for my data, I retrieve them from the user before inserting into the da ...

  13. php - the correct way to clear the password?

    How to sanitize a string that received a hash random salt?I could remove the spaces, check the length and use mysqli_real_escape_string, but is that enough? filter_var is indeed useful, but not helpful in this case, right?Solution:If you want to put the variable into an SQL query, you need to call m ...

  14. php-use whitelist to sanitize user input

    I have this code to filter the variable named"username"entered by the user:$username_clean = preg_replace("/[^a-zA-Z0-9_]/","", $_POST['username'] );if (!strlen($username_clean)){die("username is blank!");I want to perform the same process on each input on this page, but I have about 12 different in ...

  15. php-How to make the date legal/safe before passing it to strtotime()?

    This is what I have now.$date = mysqli_real_escape_string($dbc, trim(date('Ym-d',strtotime($_POST['date']))));Someone told me that I need to make sure that $date is safe/legal before passing it to strtotime(). How can I do it? I looked up at http://us3.php.net/strtotime, but it really didn't tell me ...

  16. php-FILTER_SANITIZE_STRING is stripping <characters and any text after it

    I encountered a weird problem when using FILTER_SANITIZE_STRING on a variable (filled by manual input). It seems to be stripped of the <character and any text after it. The> character remains unchanged.I think it thinks that <is an HTML tag that needs to be stripped, but there is no closing tag after it, so I don't know why this happens. Is there a way to make it leave the <in place, and it should still be sanitized as required?Solution:The fundamental problem is that when you use FI ...

Recent Posts

  1. unix network programming server and client delivery program

    1. A simple program for sending"hello world"after the server and client are connected.Server program:#include#include#include#include#include#include#include#include #define LISTENQ 5000 int main(int argc,char *argv[]) { int sockfd,servfd,cliefd; struct sockaddr_in servaddr; struct sockaddr_in cliaddr; if((sockfd=socket(AF_INET,SOCK_STREAM,0))==-1) { printf("socket error"); return(-1); } bzero(&servaddr,sizeof(servaddr)); servaddr.sin_family=AF_INET; servaddr.sin_port=htons(8000); servaddr.s...

  2. merge two dictionaries in python like this

    I want to merge two dictionaries like this:From:a1 = {u'2016-03-11': [u'20:00', u'22:10']} a2 = {u'2016-03-11': [u'20:00', u'23:10'],u'2016-03-12': [u'20:00', u'22:10 ']}to:an = {u'2016-03-11': [u'20:00',u'22:10', u'23:10'],u'2016-03-12': [u'20:00 ', u'22:10']}I need a function to merge two dictionariesSolution:from collections import defaultdict a1 = {u'2016-03-11': [u'20:00', u'22:10']} a2 = {u'2016-03-11': [u'20:00', u'23:10'],u'2016-03-12': [u'20:00', u'22:10 ']} dd = defaultdict(set) for d ...

  3. Java study notes (12)

    Steps used by eclipse:1. Select the working directory. All code written in Eclipse in the future is in the working directory2. Create a new project on the Project Exploer window. In the future, we will write code in units of projects.3. Right-click in the src directory of the project, new a class or...

  4. What are the "bad habits" that I don't want to change when programming?

    We've all done these things: like stealing a cookie when mom isn't paying attention; like driving through sharp turns without slowing down. So, what"bad habits"do we also have when programming?Bad programming habits TOP1: paste copyIn our school days, we all knew plagiarism was wrong. But at work, t...

  5. android-Python Kivy write/read files to SD card

    By using Python and Kivy, I want to write a file to the (virtual) SD card of the user's phone and read the file again with other functions. Since Android, IOS and Windows Phone may have different paths to the SD card, it seems best Use"plyer". How to write/read files to/from SD card?Solution:SD card pathfrom jnius import autoclass # SDcard Android # Get path to SD card Android try: Environment = autoclass('android.os.Environment') sdpath = Environment.getExternalStorageDirectory() # Not on Andro...

  6. eclipse plugin – treat non-java extension files as java files

    We are developing an eclipse plugin and we have an extension like".xyz"but it actually contains java code. JavaCore.createCompilationUnitFrom() only accepts files with extension".java". JavaCore has JAVA_SOURCE_CONTENT_TYPE which returns It looks at Java source files with the extension .My question ...

  7. java-Maven: Create 2 war files, each with a different web.xml?

    I need to use Maven to create two WAR files with two different web.xml files. Otherwise, the WAR files are the same.The WAR file will be created as expected, however, the second file has the same web.xml file as the first.How to force the Maven WAR plugin to use the second file for the second WAR? I can't use configuration files because I need to create two files at once.My current code:org.apache.maven.pluginsmaven-war-plugin2.2${basedir}/WEBmain${basedir}/CONF/web.xmlhist-warpackagewarhist${ba...

  8. java-integer set. The possible performance improvement when adding new entries

    If you are a skilled low-latency Java developer (I am not) and you are told to implement a set of ints (primitives or non-primitives), then considering the guaranteed prerequisites, is it possible for you to get additional performance Promote each new entry higher than any other value previously stored in the collection?What is the gain of adding, including, and deleting operations in the best/worst case?On the one hand, this restriction seems to naturally lead to better performance. On the othe...

  9. AOP's aspectj

    AOP's aspectjaop, the English full name is Aspect Oriented Programming, which means aspect-oriented programming, which is a kind of programming idea with high cohesion and low coupling. It is widely used in many businesses.Business sceneThere is such a requirement to count the time-consuming oncreat...

  10. javascript - HTTP Basic Authorization on IP Camera with AJAX/jQuery

    I know this question has been asked many times before, but none of the responses seem to work for me, so here are my questions:I have a Sony IP camera on the intranet. I'm building a site with PHP/MySQL authentication for internal users to be able to view MJPEG streams, but the camera itself require...