I am a beginner codeigniter developer and need your help.
I have a form that the is submitted to a function in the controller and I want to apply the form_validation library rules on the post data received from the form.
All I need to know is this:
Does $config['global_xss_filtering'] switch in input class do the same job as xss_clean rule in form_validation class?
Yes it's same. If you have enabled $config['global_xss_filtering'] through the config file you don't have to call xss_clean in form validation,
but if you have switched off $config['global_xss_filtering'], you have to call xss_clean in form validation and also you have to add additional parameter (TRUE or FALSE) in input->post function as well in order to do xss filtering. see below.
$name = trim($this->input->post('name',TRUE));
This will be helpful if you are using WYSIWYG editor in your application, then you have to switch off $config['global_xss_filtering'] and you have to pass additional parameter in input->post function like above, TRUE - for enable filtering and FALSE for disabling (Wherever you use WYSIWYG editor).
Related
I am new to CI and had just updated an old app developed by 3rd party developer and as I try to create any new record I get the following error:
Unable to access an error message corresponding to your field name `Field Name` .(xss_clean)
I have read many questions and answers on how to make it work, however, I have also read that this is a bad practice and would therefore like to get rid of xss_clean completely, but I just cannot seem to find straightforward information for how to do it.
Any help or guidance is much appreciated.
xss_clean is no longer part of form validation. The alternative is not to use it, as xss_clean is doing sanitization and not validation.
xss_clean is part of security helper. If you need to do it, after validation you do a:
$this->load->helper('security');
$value = $this->input->post('formvalue', TRUE);
// ...where TRUE enables the xss filtering
... i think...
Also, you can enable global xss filtering in the config.php file:
$config['global_xss_filtering'] = TRUE;
Or if you want to remove then you have to find all xss_clean used in validation and remove.
xss_clean is used mainly with CI's form validation library. As stated in the comments, the best way to get rid of this error (if you don't need the features of xss_clean) would be to remove all instances of xss_clean from your validation rules.
Example of where you could find xss_clean in your app:
$this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[5]|max_length[12]|xss_clean');
codeigniter form validation documentation
valueWhen I want to validate posted value in Codeigniter, I do it in the following way:
$this->form_validation->set_rules('name', 'Name','required|xss_clean|strip_tags|trim|max_length[50]|alpha');
But I cannot understand how can I do the same validation for $name variable if it is grabbed from url like this:
$name = end($this->uri->segment_array());
I tried to do this and then validate in the same way
$this->form_validation->set_value('name', $name);
but validation did not pass. Could you please help me.
Technically we refer to this particular validation library as Form Validation which works on form data.
There are other methods such as using route files (which is a perfect tool in CI) that you can take advantage of for URL checking.
Beside any already-developed tools (like uri-validator), you can write your own validating functions.
The form validation library seems to only work on POST. I need to use query strings and would like to use CI to validate the passed values. Is there a way to do this?
The current Codeigniter 3.0 development branch provides an option to insert your own variable instead of $_POST. So you could start using 3.0.
Alternatively, the only way in CI2.1 is to do $_POST=$_GET before you run the validation.
See this page for the CodeIgniter 3 solution:-
http://www.codeigniter.com/userguide3/libraries/form_validation.html#validating-an-array-other-than-post
For CodeIgniter 2 you can do $_POST = $_GET; before $this->form_validation->run() as mentioned above.
You could overwrite the Form_validation function run in a MY_Form_Validation and modify it.
Reference How do I validate a form field in Codeigniter when using Get parameters?
Before validation rules, set the validation data with the following code.
$this->form_validation->set_data($_GET);
we are using a javascript form where a enduser has to enter phonenumber and promo code apart from other details. All the fields in the form are mandatory.
I am using validator.add(method) to validate phonenumber using regex.
Also using an another validator.add(method) to validate the promo code
But am able to use only one validator method. If am using multiple i.e., more than one, then the validation is not working.
Is the jquery validator method restricted to use only once in a form.
Please suggest me a solution for this.
You can use an OnSubmit function for the form and validate all the data there, you can also write several functions and use them in the main onsubmit function.
I am using Codeigniter form validation. In my registration form the Username field allows only numbers like 123456. I don't want this to happen.
My validation rule is as follows
'rules'=>'trim|required|alpha_numeric|min_length[6]|xss_clean'
I want to prevent users entering just numeric strings. Alpha numeric strings are fine, alpha strings are fine, but purely numeric ones are not.
To allow only letters
Add alpha to your rules and remove alpha_numeric from your rules
You can use this page as a point of reference for built in validation rules.
Edit:
Since you've clarified now.
To achieve this, there's no built in validation rule. You will need to extend the Form_validation library by creating a libraries/MY_Form_validation.php file. See this manual page on how to extend libraries.
In this file, create the following function
function at_least_one_letter($string) {
return preg_match('#[a-zA-Z]#', $string);
}
Then you can add the validation rule at_least_one_letter to your rules.
According to the codeigniter user manual :
You can also use any native PHP functions that permit one parameter.
I think in this case is_int could be used as your validation rule.
So, for instance:
'rules'=>'trim|required|is_int|min_length[6]|xss_clean',