Why form validation automatically converts special HTML chars?

Why form validation automatically converts special HTML chars? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Why form validation automatically converts special HTML chars? (/showthread.php?tid=13049)

Why form validation automatically converts special HTML chars? - El Forum - 11-09-2008

[eluser]Volder[/eluser]
I created a simple controller test.php:

Code:
&lt;?php

class Test extends Controller{

  function index()

  {

   $this->load->library('form_validation');

   $rules = array(array('field' => 'text_field',

                  'label' => ' ',

                  'rules' => 'trim|required'

                  ));

   $this->form_validation->set_rules($rules);

   $this->form_validation->run();

   $this->load->view("v_test");

  }

}

and a simple view v_test.php:

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

&lt;html &gt;

&lt;head&gt;

  &lt;title&gt;Validation Test!&lt;/title&gt;

  &lt;meta http-equiv="content-type" content="text/html; charset=utf-8" /&gt;

&lt;/head&gt;

&lt;body&gt;

 <p>From validation: &lt;?=set_value('text_field')?&gt;</p>

 <p>From input: &lt;?=$this->input->post('text_field')?&gt;</p>

 &lt;form action = '/test/' method='post'&gt;

        &lt;input type="text" name="text_field" value="&lt;?=set_value('text_field')?&gt;" /&gt;

        &lt;input type="submit" value="Validate"/&gt;

 &lt;/form&gt;

&lt;/body&gt;

&lt;/html&gt;

the question is the following:
I don't use htmlspecialchars function in validation rules for my field - but why the function set_value() produces transformed special characters?

So for example I inputed the value

Code:
<a href="http://test">test</a>

and all special chars are transformed to entities.

Is there any way to leave it untouched in validation?

Why form validation automatically converts special HTML chars? - El Forum - 11-09-2008

[eluser]Pascal Kriete[/eluser]
Set_value calls form_prep (form helper) to prevent the html from breaking your form.

If you don't want it to do that use $this->validation->set_value instead.

Why form validation automatically converts special HTML chars? - El Forum - 11-09-2008

[eluser]Volder[/eluser]
thanks a lot, using

Code:
$this->form_validation->set_value()

helped.