April 21, 2013

Proper Form Input Sanitation

Undermine2k’s Question:

I have form fields I’m gathering from my form using

 var dataString = $("form").serialize();

I am then sending this over to my controller as dataType “html”

The var_dump for my dataString looks like this (so far, but it will contain email address, select options, etc.):

array(3) {
  ["username"]=>
  string(5) "mikey"
  ["firstname"]=>
  string(4) "tes%"
  ["lastname"]=>
  string(6) "tester" }

My question is as follows: What is the proper method of form sanitation I should be using before I send data to my model? I know I need to strip special characters and the like; is there some prepackaged class I should be using?

Do I need to break my data up like

  // $data is the decoded form array shown in the var_dump above
  $username = trim($data['username']);

Enable XSS filtering in application/config/config.php:

$config['global_xss_filtering'] = TRUE;
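One way to do the per-field sanitation the question asks about, as an added example for CodeIgniter 2.x that is not code from the post or its answer; the Users controller, User_model and the users table are assumed names:

```php
<?php
// Added example for CodeIgniter 2.x (not from the post). Controller, model and
// table names (Users, User_model, users) are hypothetical.

class Users extends CI_Controller {

    public function save()
    {
        // Validation rules do the per-field sanitation the question asks about:
        // trim whitespace, require the field, restrict the character set and
        // length, and run xss_clean on that field whether or not
        // $config['global_xss_filtering'] is enabled.
        $this->load->library('form_validation');
        $this->form_validation->set_rules('username',  'Username',
            'trim|required|alpha_dash|min_length[3]|max_length[20]|xss_clean');
        $this->form_validation->set_rules('firstname', 'First name',
            'trim|required|alpha|max_length[50]|xss_clean');
        $this->form_validation->set_rules('lastname',  'Last name',
            'trim|required|alpha|max_length[50]|xss_clean');

        if ($this->form_validation->run() === FALSE) {
            // The "tes%" value from the question's var_dump fails the alpha rule here.
            echo validation_errors();
            return;
        }

        // Second argument TRUE runs xss_clean on the value as it is read.
        $this->load->model('User_model');
        $this->User_model->insert(array(
            'username'  => $this->input->post('username', TRUE),
            'firstname' => $this->input->post('firstname', TRUE),
            'lastname'  => $this->input->post('lastname', TRUE),
        ));
    }
}

class User_model extends CI_Model {

    public function __construct()
    {
        parent::__construct();
        $this->load->database();
    }

    public function insert(array $user)
    {
        // XSS filtering does nothing against SQL injection; Active Record
        // escapes every value itself when it builds the INSERT statement.
        return $this->db->insert('users', $user);
    }
}
```

Global XSS filtering only addresses HTML injection; the validation rules bound what each field may contain and the Active Record call escapes the values for the database.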

Author: Nabin Nepal (Starx)
