Why if i pass a $_POST[‘string’] = <?php echo ‘hey’ ?> then i pass

Question

0

Asked: May 26, 20262026-05-26T02:36:09+00:00 2026-05-26T02:36:09+00:00

Why if i pass a $_POST[‘string’] = <?php echo ‘hey’ ?> then i pass

0

Why if i pass a $_POST['string'] = "<?php echo 'hey' ?>" then i pass it to the xss_clean() with echo $this->input->post('string',true); it is outputted as &lt;?php echo 'hey' ?&gt; and not as <?php echo 'hey' ?> ??

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T02:36:10+00:00

Editorial Team

2026-05-26T02:36:10+00:00Added an answer on May 26, 2026 at 2:36 am

If you take a look at the source code, you can see that the xss_clean method does a lot of heavy lifting. It’s more than just a htmlspecialchars() call. If you’re wanting to display php code in a page, I would convert it first, then sanitize it.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Why if i pass a $_POST[‘string’] = <?php echo ‘hey’ ?> then i pass

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply