Security in CodeIgniter

-DaRkSTAR*

New Member
Good afternoon,

I'm having some doubts about security in CodeIgniter. The first is:

I have a controller, news.php, and in it I have a method called view. Example:

\[code\]
class News extends CI_Controller
{
    public function view( $id )
    {
        // $id comes straight from the URL segment
        $this->load->model('news_model');
        $this->news_model->get_by_id( $id );
        // ...
    }
}
\[/code\]

Is this way of working safe? Is there no risk of SQL injection through the URL, considering that this page is accessed as mywebpage/news/number_id? Would it be worthwhile to filter it through intval(), or is that unnecessary?

My second question is:

By default CodeIgniter can XSS-filter POST and GET, but I don't know of a way to filter HTML with CodeIgniter, so I created the helper below. Is there something similar to it natively in CodeIgniter?

\[code\]
function remove_xss_html($string)
{
    if( is_array( $string ) )
    {
        // Array input: clean each item and return a new array
        $return_array = array();
        foreach( $string as $item )
        {
            if(!get_magic_quotes_gpc())
            {
                $return_array[] = addslashes( htmlspecialchars( strip_tags( $item ) ) );
            }
            else
            {
                $return_array[] = htmlspecialchars( strip_tags( $item ) );
            }
        }
        return $return_array;
    }
    else
    {
        // Scalar input: strip tags, then encode HTML special characters
        return htmlspecialchars( strip_tags( $string ) );
    }
}
\[/code\]

And the third and last question is:

If I send a variable $this->input->post('my_var') directly to the database without the filter, do I run the risk of SQL injection? Or does CodeIgniter filter it safely?

IMPORTANT: My English is not very good; I used Google Translate and fixed what I could.

Thank you all ...