php - xss_clean(set_value('field_name')) or set_value('field_name') is safe enough?
As CodeIgniter 3's documentation says:
A largely unknown rule is that XSS cleaning should be applied to output, as opposed to input data.
Should I use xss_clean() before outputting the user's data? Or will set_value() do it for me?
Yes, set_value() will apply XSS-sanitizing by default.
However, be careful when using it with other form helper functions, because, well, you don't want double-escaping. As explained in the manual, you can turn escaping off by passing (boolean) false as the third parameter to set_value().
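The double-escaping the answer warns about, shown as an added example that is not part of the original answer and not CodeIgniter's own code. `demo_set_value()` and `demo_form_input()` are hypothetical stand-ins that assume both layers escape with `htmlspecialchars()`; the submitted value is constructed.

```php
<?php
// Simplified stand-ins for illustration only, NOT CodeIgniter's source.
// Assumption: set_value() and the form helper each escape with
// htmlspecialchars(ENT_QUOTES).

// Stand-in for set_value(): third argument false turns escaping off.
function demo_set_value(string $field, string $default = '', bool $escape = true): string
{
    $value = $_POST[$field] ?? $default;
    return $escape ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
}

// Stand-in for a form helper that escapes the value it is handed.
function demo_form_input(string $name, string $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s" />',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample submission containing HTML metacharacters.
$_POST = ['nick' => 'Tom & "Jerry" <b>'];

// 1. Hand-written markup: set_value() escapes once, which is correct.
$handWritten = '<input type="text" name="nick" value="'
    . demo_set_value('nick') . '" />';

// 2. Escaped value passed to an escaping helper: escaped twice, so the
//    user sees literal "&amp;" and "&quot;" in the field.
$doubled = demo_form_input('nick', demo_set_value('nick'));

// 3. Escaping turned off in set_value(); the helper escapes once.
$single = demo_form_input('nick', demo_set_value('nick', '', false));

echo $handWritten, PHP_EOL, $doubled, PHP_EOL, $single, PHP_EOL;

// Sanity checks: case 2 is double-escaped, cases 1 and 3 are identical.
if (strpos($doubled, '&amp;amp;') === false || $handWritten !== $single) {
    throw new RuntimeException('unexpected escaping result');
}
```

Pass false only when the value goes on through another layer that escapes it; in this model, echoing `demo_set_value('nick', '', false)` straight into markup would output the submitted text unescaped.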