Greg Aker

Entries Tagged with: Security

What is xss_clean in CodeIgniter, and why should I use it?

and just as importantly, when should I not use it

Filed in: Security, PHP, CodeIgniter

March 30, 2011

If you're new to CodeIgniter, you've probably seen xss_clean() mentioned in the docs. When I was first starting with PHP and CodeIgniter, every time I saw xss_clean() mentioned, I'd think to myself "what the hell is that?!" So I hope I can show you what it is, why it's important to use and when you shouldn't use it.

What's XSS?

If you haven't heard the term XSS before, read over at Wikipedia about Cross Site Scripting.

A really quick example of an XSS attack would be to build a script like:

<?php

echo ...

Read More