
When to use HTML Purifier with CodeIgniter

Posted by RaGe10940 
RaGe10940
When to use HTML Purifier with CodeIgniter
February 17, 2013 09:31AM

I am currently using CodeIgniter. I have 4 forms (student signin, login form, create account, and request account).

I am currently using the Form_validation helper in CodeIgniter to make sure the data is what I expect; if not, then I will not pass it to the model (MVC). Also, I am using the global xss_clean filter.

To my understanding, HTML Purifier should only be used when user data is going to be echo'd/outputted as HTML in a table, forum, blog (etc.). Is my understanding of this correct? I am asking because my student login form will be used to enter data into a database. Then my student queue page, which will be creating an HTML jQuery table, will be used to SELECT ... FROM ... that database. So this is confusing me, because in the output for the student queue page the data will be database housed. It won't just be posted directly.

So in turn my train of thought goes as follows :

>> Validate data making sure it is what you expect

>> Filter the data with xss_clean like I currently am.

>> Use PDO prepared queries to insert the data to the DB

>> Now this step confuses me as to how I should echo my database data. Should I use HTML Purifier at this step?

Sorry if this question has been asked a million times, I just can't seem to find what I am looking for. I am not fully gripping the concept of HTML Purifier.

RaGe10940
Re: When to use HTML Purifier with CodeIgniter
February 17, 2013 09:52AM

Sorry, I did not see which forum section I was writing to. My bad, admin. But I also want to update that none of my forms should be accepting any HTML.

Re: When to use HTML Purifier with CodeIgniter
February 17, 2013 10:53AM

If your forms don't accept HTML, then you don't need HTML Purifier and shouldn't use it. It's for HTML content only. Use proper validation, typecasting, and htmlspecialchars/entities on output display.

ImpressCMS: Make A Lasting Impression
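
The flow discussed in this thread for forms that accept no HTML (typecast, PDO prepared insert, `htmlspecialchars` at display time), as an added example that is not part of the original thread. The `queue` table, its columns, the `e()` helper and the sample rows are assumptions made for illustration, and an in-memory SQLite database (requires the `pdo_sqlite` extension) stands in for the real one.

```php
<?php
// Added example: table, column and helper names are hypothetical; rows are constructed.

// Escape a plain-text value for an HTML element body or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// In-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE queue (id INTEGER PRIMARY KEY, student_id INTEGER, name TEXT, reason TEXT)');

// Constructed form submissions; the second one contains markup and a quote.
$submissions = [
    ['student_id' => '1001', 'name' => 'Ana Diaz', 'reason' => 'Advising'],
    ['student_id' => '1002', 'name' => "<b>Bob</b> O'Neil", 'reason' => '<script>alert(1)</script>'],
];

// Store: typecast the numeric field and bind every value through a prepared statement.
// The text is stored as submitted; it is not HTML-encoded on the way in.
$insert = $pdo->prepare('INSERT INTO queue (student_id, name, reason) VALUES (:sid, :name, :reason)');
foreach ($submissions as $row) {
    $insert->execute([
        ':sid'    => (int) $row['student_id'],
        ':name'   => $row['name'],
        ':reason' => $row['reason'],
    ]);
}

// Display: escape each database value at the point it is written into HTML.
function render_queue(PDO $pdo): string
{
    $html = "<table>\n";
    foreach ($pdo->query('SELECT student_id, name, reason FROM queue ORDER BY id') as $r) {
        $html .= sprintf(
            "  <tr><td>%d</td><td>%s</td><td>%s</td></tr>\n",
            (int) $r['student_id'], e($r['name']), e($r['reason'])
        );
    }
    return $html . "</table>\n";
}

echo render_queue($pdo);
```

The second row renders as visible text rather than markup because escaping happens on output; the same rule applies when the table cells are built from this data in jQuery.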

RaGe10940
Re: When to use HTML Purifier with CodeIgniter
February 17, 2013 12:55PM

Thank you so very much.
