I have proble with set_rules function in Codeigniter 3
i check user email:
$this->form_validation->set_rules('email', 'Email', 'required|trim|xss_clean|valid_email');
and when I post get this error:
Unable to access an error message corresponding to your field name Email.
From the codeigniter github :
A largely unknown rule about XSS cleaning is that it should only be applied to output, as opposed to input data.
We've made that mistake ourselves with our automatic and global XSS cleaning feature (see previous step about XSS above), so now in an effort to discourage that practice, we're also removing 'xss_clean' from the officially supported list of form validation rules.
Because the Form Validation library generally validates input data, the 'xss_clean' rule simply doesn't belong in it.
If you really, really need to apply that rule, you should now also load the Security Helper, which contains xss_clean() as a regular function and therefore can be also used as a validation rule.
Link : https://github.com/bcit-ci/CodeIgniter/blob/develop/user_guide_src/source/installation/upgrade_300.rst#step-13-check-for-usage-of-the-xss_clean-form-validation-rule
And if, despite everything, you really need it, go to application/config/autoload.php :
$autoload['helper'] = array('security');
Or, before your form validation
$this->load->helper('security');
The alternative is not to use it, as xss_clean is doing sanitization and not validation. xss_clean is part of security helper. If you need to do it, after validation you do.
$this->load->helper('security'); ` $value = $this->input->post('email',TRUE); //where TRUE enables the xss filtering
Also, you can enable global xss filtering in the config.php file
$config['global_xss_filtering'] = TRUE;
Others have alluded to it, but no one has said succinctly, the way to fix this error is to remove xxs_clean
from your validation rule. I just came across this issue myself, and thanks to the hints provided here, was able to fix the issue.
This:
$this->form_validation->set_rules('email', 'Email', 'required|trim|xss_clean|valid_email');
Becomes this:
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
Please load security
Helper on autoload.php
$autoload['helper'] = array('security');
No need to do anything more.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With