This is just something I was wondering about.
If I have a rule where I am only allowing integers as input, such as:
$this->form_validation->set_rules('item_id', 'item id', 'required|is_natural_no_zero');
Is it necessary to run xss_clean on it? I don’t see how XSS could be an issue in this case.
No, you probably wouldn’t need to. The XSS clean features are more geared towards inputs where people can enter text and symbols. If you require int only or alpha only or alphanumeric, they won’t be allowed to enter symbols that would be a part of XSS. On the other hand, if you wanted to run EVERY input through an XSS filter, it couldn’t hurt.
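
What an integer-only rule lets through, as an added example that is not part of the original thread and not CodeIgniter's own code: natural_no_zero() is a hypothetical stand-in for the is_natural_no_zero rule, and the sample inputs are constructed.

```php
<?php
// Stand-in for an integer-only rule such as is_natural_no_zero
// (hypothetical helper written for this example, not the framework's source).
function natural_no_zero(string $value): bool
{
    // ctype_digit() accepts only the ASCII digits 0-9, so "<", ">", quotes,
    // spaces, signs, decimal points and newlines all fail.
    // The ltrim() test rejects zero in any spelling ("0", "000").
    return ctype_digit($value) && ltrim($value, '0') !== '';
}

// Constructed sample inputs for the item_id field.
$samples = [
    '42',
    '007',
    '0',
    '-5',
    '7.5',
    '12abc',
    '<script>alert(1)</script>',
    '5" onmouseover="alert(1)',
    "17\n",
    '',
];

foreach ($samples as $raw) {
    if (natural_no_zero($raw)) {
        // Cast once validated so later code handles an int, not a string.
        $itemId = (int) $raw;
        printf("accept %-32s -> item_id = %d\n", json_encode($raw), $itemId);
    } else {
        // A rejected value is escaped before it is shown anywhere.
        $shown = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
        printf("reject %-32s -> shown as %s\n", json_encode($raw), json_encode($shown));
    }
}
```

Only the accept branch yields a value with no markup characters in it; a value that reaches a page without having passed the rule still needs escaping at output.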