April 21, 2013

Proper Form Input Sanitation

Undermine2k’s Questions:

I have form fields i’m gathering from my form using

 var dataString = $("form").serialize();

I am then sending this over to my controller as dataType “html”

The var_dump for my dataString looks like this (so far, but it will contain email address, select options, etc)

array(3) {
  string(5) "mikey"
  string(4) "tes%"
  string(6) "tester" }

my question is as follows: What is the proper method of form sanitation i should be using before I send data to my model? I know I need to strip special characters and the like, is there some prepackaged class I should be using?

Do I need to break my data up like

  $username =  trim(Array[0]) ; 

Enable XSS Filtering on application/config/config.php

$config['global_xss_filtering'] = TRUE;

Please fill the form - I will response as fast as I can!