
Codeigniter, best practice for safe search

I am using CodeIgniter, and at the moment I am building a full-body search. I am wondering what the best practice is for doing this. For now I have this:

$keyword = $this->db->escape_like_str(trim($_POST['keyword']));

After that, the search is performed. Is this safe, or do I need to do something more (XSS filtering is on)?

Because you are accessing the `$_POST` variable directly, you're bypassing all of CI's XSS/escaping and security features. You should be getting it as:

$this->input->post('keyword');

This is automatically escaped by CI, and you can perform other validations before just throwing it at the DB. Also, if you use active record, then all values are automatically escaped as required too.
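The approach described in this answer, combined into one CodeIgniter 3 model method, as an added example that is not part of the original post. It assumes CI 3.x with the database library loaded and a hypothetical `articles` table with `title` and `body` columns.

```php
<?php
// Added example (not from the original answer): a CodeIgniter 3 model
// method that reads the keyword through the Input class and lets the
// query builder do the SQL escaping. Assumes CI 3.x, a loaded database
// library, and a hypothetical "articles" table with "title" and "body".
class Article_model extends CI_Model
{
    const MAX_KEYWORD_LEN = 100;

    public function search($limit = 20)
    {
        // input->post() reads the request value; TRUE runs CI's XSS filter.
        // XSS filtering protects later HTML output, it is not SQL escaping.
        $keyword = trim((string) $this->input->post('keyword', TRUE));

        // Reject empty input and cap the length so an oversized pattern
        // cannot be used to burn database time.
        if ($keyword === '' || strlen($keyword) > self::MAX_KEYWORD_LEN) {
            return array();
        }

        // Query builder's like() escapes SQL quotes and the LIKE wildcards
        // (% and _) itself, so the value is matched as a literal substring.
        // Calling escape_like_str() beforehand as well would double-escape.
        $query = $this->db
            ->select('id, title')
            ->from('articles')
            ->group_start()
                ->like('title', $keyword)
                ->or_like('body', $keyword)
            ->group_end()
            ->limit((int) $limit)
            ->get();

        return $query->result_array();
    }
}
```

When the submitted keyword is echoed back on the results page, pass it through `html_escape()` in the view; input-side XSS filtering is not a substitute for output encoding.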
