Greg Aker

What is xss_clean in CodeIgniter, and why should I use it?

and just as importantly, when should I not use it

Filed in: Security, PHP, CodeIgniter

March 30, 2011

If you're new to CodeIgniter, you've probably seen xss_clean() mentioned in the docs. When I was first starting with PHP and CodeIgniter, every time I saw xss_clean() mentioned, I'd think to myself "what the hell is that?!" So I hope I can show you what it is, why it's important to use and when you shouldn't use it.

What's XSS?

If you haven't heard the term XSS before, read the Wikipedia article on Cross-Site Scripting first.

A really quick example of an XSS attack would be to build a script like:


echo ...
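
As an added example that is not part of the original post, here is what such a script looks like in plain PHP, with the vulnerable output beside an escaped version. The page name hello.php, the name query parameter and the constructed payload are assumptions for the illustration, not anything from the post or from CodeIgniter:

```php
<?php
// Added example (not from the original post): a reflected XSS in plain PHP.
// Assumed page: /hello.php?name=...  (page name and parameter are hypothetical)

// Vulnerable: whatever arrives in the query string is written straight into
// the HTML, so a request like ?name=<script>alert(document.cookie)</script>
// executes in the browser of anyone who opens that link.
function greet_unsafe(string $name): string
{
    return "<p>Hello, " . $name . "</p>";
}

// Hardened: escape for the HTML context at the moment of output. The
// attacker's markup is rendered as literal text instead of being parsed.
function greet_safe(string $name): string
{
    return "<p>Hello, " . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</p>";
}

// Constructed payload standing in for an attacker-controlled parameter.
// On a real page this would be $_GET['name'] ?? ''.
$payload = '<script>alert(document.cookie)</script>';

echo greet_unsafe($payload), PHP_EOL; // script tag reaches the browser verbatim
echo greet_safe($payload), PHP_EOL;   // &lt;script&gt;... shown as harmless text
```

Run it from the command line with `php hello.php` to compare the two outputs; in a browser, only the first line would actually execute the injected script.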

