dream6120 2016-07-13 06:51
浏览 51
已采纳

由于xss_clean,表单验证无效

  public function add_creation()
{
    $images = $this->do_imgupload();
    $this->form_validation->set_rules('title','title','trim|xss_clean');
    $this->form_validation->set_rules('instrument_used','instrument_used','trim|xss_clean');
    $this->form_validation->set_rules('genre','genre','trim|xss_clean');
    $this->form_validation->set_rules('courtesy','courtesy','trim|xss_clean');
    $this->form_validation->set_rules('image_link','image_link','trim|xss_clean');
    $this->form_validation->set_rules('song_link','song_link','trim|xss_clean');
    $this->form_validation->set_rules('comment_request','comment_request','trim|xss_clean');

    if($this->input->post('upload')){
        if($this->form_validation->run()==FALSE){

               redirect('creations');
        }
        else
        {
            //based on input field the data will be inserted
            if ($this->input->post('image_link')) {
                    $time=date('Y-m-d');
            $data1=array(
            'title'=>$this->input->post('title'),
            'instrument_used' =>$this->input->post('instrument_used'),
            'genre' =>$this->input->post('genre'),
            'art_form_id' =>$this->input->post('art_form_id'),
            'courtesy' =>$this->input->post('courtesy'),
            'image_link'=>$images['file_name'],
            'artist_id'=>1,
            'published_date'=>$time,
            'comment_request' => $this->input->post('comment_request')

            );
            $query=$this->hbmodel->md_add_creation($data1);


            } 




            if ($query) 
            {


                redirect('profile');    
            }
            else
            {

               redirect('creations');
            }
    }
}
  }


        <form   role="form" id="#publish_creation" action="<?php echo base_url();?>creations/add_creation" method="post" enctype="multipart/form-data">
                <input type="submit" value="Publish" name="upload" class="btn th-btn-pri1blue">
    <input class="btn btn-default btn-sm" type="file"  name="image_link" id="image_upload">


          <input placeholder="Title: Numb Cover" name="title" id="title" type="text" required >
          <select class="form-control" id="my_select" name="art_form_id">
          <option value="1">Music</option>
          <option value="2">Photography</option>
          <option value="3">Painting</option>
          <option value="4">Fashion</option>
          <option value="5">Modelling</option>
          </select> 


        <input  placeholder="Genre: Alternative Rock" name="genre" id="genre"  type="text" >

        <input  placeholder="Instrument Used: Yamaha Piano" name="instrument_used" id="instrument_used" type="text" >

        <input  placeholder="Courtesy: Linkin Park" name="courtesy" id="courtesy"  type="text" >

        <input  placeholder="Comment Request: Be critical or interpret!" name="comment_request" id="comment"  type="text" >
    </form>

I am getting redirected to the same upload page when i submit the form and not getting any error. but i am trying to provide the values to the controller that will later take to model page. YOu can create the database from the controller and insert it in model. I am sure there is nothing wrong in model.

  • 写回答

3条回答 默认 最新

  • doushi3715 2016-07-15 08:57
    关注

    I found out that you have to change global_xss_filtering to true in the config.php in config folder. Then put 

    $this->load->helper('security');

    to the controller. Then the validation will work. This problem occured in CI 3.0.0

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 南大pa1 小游戏没有界面,并且报了如下错误,尝试过换显卡驱动,但是好像不行
  • ¥15 没有证书,nginx怎么反向代理到只能接受https的公网网站
  • ¥50 成都蓉城足球俱乐部小程序抢票
  • ¥15 yolov7训练自己的数据集
  • ¥15 esp8266与51单片机连接问题(标签-单片机|关键词-串口)(相关搜索:51单片机|单片机|测试代码)
  • ¥15 电力市场出清matlab yalmip kkt 双层优化问题
  • ¥30 ros小车路径规划实现不了,如何解决?(操作系统-ubuntu)
  • ¥20 matlab yalmip kkt 双层优化问题
  • ¥15 如何在3D高斯飞溅的渲染的场景中获得一个可控的旋转物体
  • ¥88 实在没有想法,需要个思路