I am currently learning the framework "CodeIgniter", but I have a problem with my form validation. First, let me show you my view:

    <form method="post" action="connexion">
        <label for="pseudo">Pseudo : </label>
        <input type="text" name="pseudo" value="" />
        <label for="mdp">Mot de passe :</label>
        <input type="password" name="mdp" value="" />
        <input type="submit" value="Envoyer" />
    </form>

My controller:

    public function connexion()
    {
        $this->load->library('form_validation');
        $this->form_validation->set_rules('pseudo', '"user name"', 'trim|required|min_length[5]|max_length[52]|alpha_dash|encode_php_tags|xss_clean');
        $this->form_validation->set_rules('mdp', '"password"', 'trim|required|min_length[5]|max_length[52]|alpha_dash|encode_php_tags|xss_clean');
        if($this->form_validation->run())
        {
            $this->load->view('connexion_ok');
        }
        else
        {
            $this->load->view('form');
        }
    }

When I remove the "xss_clean" filter from set_rules() in my controller, it works perfectly and the form is valid. If "xss_clean" is present, it doesn't work; it goes into the else branch. I don't use special characters in my input, only letters.
In the settings I set this to TRUE: $config['global_xss_filtering'] = TRUE;
I read somewhere that the "xss_clean" filter is useless. What else can I use? Maybe helpers or something else? Thank you.