I am using codeigniter, and at the moment I am making full body search,

Question

0

Asked: June 1, 20262026-06-01T17:53:21+00:00 2026-06-01T17:53:21+00:00

I am using codeigniter, and at the moment I am making full body search,

0

I am using codeigniter, and at the moment I am making full body search, and I am wondering what is the best practice to do this. For now I have this:

$keyword = $this->db->escape_like_str(trim($_POST['keyword']));

After that, search is performed. Is this safe or I need to do something more (XSS Filtering is on)?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T17:53:23+00:00

Editorial Team

2026-06-01T17:53:23+00:00Added an answer on June 1, 2026 at 5:53 pm

Because you are accessing the _POST variable directly, you’re bypassing all CI’s XSS/Escaping and security features. You should be getting that as:

$this->input->post('keyword');

This is automatically escaped by CI, and you can perform other validations before just throwing it at the DB. Also if you use active record, then all values are automatically escaped as required too.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am using codeigniter, and at the moment I am making full body search,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply