diff options
author | Andrey Andreev <narf@devilix.net> | 2016-03-12 16:21:55 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2016-03-12 16:21:55 +0100 |
commit | 4f555079a6d85abd11403c72b9dbaa8823dc2e6d (patch) | |
tree | dff3ea0218b0d3c180d2bdef6dff51d8123e7944 /user_guide_src/source/installation/upgrade_306.rst | |
parent | b5a5d76d0733780c846963592ff813f867beaf97 (diff) |
[ci skip] Deprecate prep_for_form() in Form_validation
Diffstat (limited to 'user_guide_src/source/installation/upgrade_306.rst')
-rw-r--r-- | user_guide_src/source/installation/upgrade_306.rst | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/user_guide_src/source/installation/upgrade_306.rst b/user_guide_src/source/installation/upgrade_306.rst index e9c4bdd79..f6d2f13d4 100644 --- a/user_guide_src/source/installation/upgrade_306.rst +++ b/user_guide_src/source/installation/upgrade_306.rst @@ -12,3 +12,22 @@ Replace all files and directories in your *system/* directory. .. note:: If you have any custom developed files in these directories, please make copies of them first. + +Step 2: Remove 'prep_for_form' usage (deprecation) +================================================== + +The :doc:`Form Validation Library <../libraries/form_validation>` has a +``prep_for_form()`` method, which is/can also be used as a rule in +``set_rules()`` to automatically perform HTML encoding on input data. + +Automatically encoding input (instead of output) data is a bad practice in +the first place, and CodeIgniter and PHP itself offer other alternatives +to this method anyway. +For example, :doc:`Form Helper <../helpers/form_helper>` functions will +automatically perform HTML escaping when necessary. + +Therefore, the *prep_for_form* method/rule is pretty much useless and is now +deprecated and scheduled for removal in 3.1+. + +.. note:: The method is still available, but you're strongly encouraged to + remove its usage sooner rather than later. |