CodeIgniter Forums

Full Version: Uploading HTML Code

El Forum

[eluser]webnology[/eluser]
Hi all,

When uploading concert reviews, we also allow users to upload the embed code you find at YouTube. Normally the code should look like this:

Code:
<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/GVw6i_gdUZ0&hl=nl&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/GVw6i_gdUZ0&hl=nl&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

But when I upload this to the db, it inserts it as:
Code:
&lt;object width=&quot;425&quot; height=&quot;344&quot;&gt;&lt;param name=&quot;movie&quot; value=&quot;http://www.youtube.com/v/KLsWDQ0w23E&amp;hl=nl&amp;fs=1&quot;&gt;&lt;/param&gt;&lt;param name=&quot;allowFullScreen&quot; value=&quot;true&quot;&gt;&lt;/param&gt;&lt;param name=&quot;allowscriptaccess&quot; value=&quot;always&quot;&gt;&lt;/param&gt;&lt;embed src=&quot;http://www.youtube.com/v/KLsWDQ0w23E&amp;hl=nl&amp;fs=1&quot; type=&quot;application/x-shockwave-flash&quot; allowscriptaccess=&quot;always&quot; allowfullscreen=&quot;true&quot; width=&quot;425&quot; height=&quot;344&quot;&gt;&lt;/embed&gt;&lt;/object&gt;

So all < and > are not added as they should be. I've been trying modifications, but none work. Does anyone know why?

My code is as follows (I took out the rest of the code):

Code:
$this->form_validation->set_rules('url_youtube', 'url_youtube', 'htmlspecialchars|xss_clean|trim');

$formdata = array('url_youtube' => $this->input->post('url_youtube'));
$this->db->insert('atg_reviews', $formdata);

The character set of the upload page is UTF-8.

Kind regards,
Michel




El Forum

[eluser]Zeeshan Rasool[/eluser]
Have you provided TinyMCE or a text field?
When you get the record from the db after inserting, is it in normal format or changed?

El Forum

[eluser]xwero[/eluser]
remove htmlspecialchars

El Forum

[eluser]gomji9star[/eluser]
Remove special characters when you insert the link in the database.

El Forum

[eluser]webnology[/eluser]
OK, did that. I then also used htmlspecialchars_decode to show it in the view. That's working fine :-) Thx guys.

M

El Forum

[eluser]xwero[/eluser]
another option is to pre-process the posted value with strip_tags.
Code:
$_POST['url_youtube'] = strip_tags($_POST['url_youtube'],'<object><param><embed>');
$this->form_validation->set_rules('url_youtube', 'url_youtube', 'xss_clean|trim');
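
The fixes in this thread all store the pasted markup itself. As an added example (not part of the original thread and not CodeIgniter's own code), the PHP below stores only the video ID and rebuilds the player markup on output, and shows what a `strip_tags` allow-list leaves in place. The function names are hypothetical; it assumes PHP 7.1+ and 11-character IDs like the two in the question.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.

/** Return the video ID found in pasted embed markup, or null if there is none. */
function extract_youtube_id(string $embed): ?string
{
    // Undo entity encoding in case the value already went through htmlspecialchars.
    $embed = htmlspecialchars_decode($embed, ENT_QUOTES);
    // Accept only the host and path form shown in the question.
    // Assumption: IDs are 11 characters from [A-Za-z0-9_-], like the two in the thread.
    $pattern = '#https?://www\.youtube\.com/v/([A-Za-z0-9_-]{11})(?![A-Za-z0-9_-])#';
    return preg_match($pattern, $embed, $m) === 1 ? $m[1] : null;
}

/** Build the player markup from a validated ID; no user-typed markup is echoed. */
function render_youtube_embed(string $id, int $width = 425, int $height = 344): string
{
    if (preg_match('/\A[A-Za-z0-9_-]{11}\z/', $id) !== 1) {
        return '';
    }
    $url = htmlspecialchars("http://www.youtube.com/v/{$id}&hl=nl&fs=1", ENT_QUOTES, 'UTF-8');
    return sprintf(
        '<object width="%1$d" height="%2$d"><param name="movie" value="%3$s"></param>'
        . '<param name="allowFullScreen" value="true"></param>'
        . '<param name="allowscriptaccess" value="always"></param>'
        . '<embed src="%3$s" type="application/x-shockwave-flash" allowscriptaccess="always" '
        . 'allowfullscreen="true" width="%1$d" height="%2$d"></embed></object>',
        $width, $height, $url
    );
}

// Constructed input: an allowed tag carrying an extra attribute.
$posted = '<embed src="http://www.youtube.com/v/GVw6i_gdUZ0&hl=nl&fs=1" onmouseover="doSomething()"></embed>';

// strip_tags() with an allow-list filters tag names only; attributes on allowed tags are kept.
$filtered = strip_tags($posted, '<object><param><embed>');
var_dump(strpos($filtered, 'onmouseover') !== false);

// In the controller this would be extract_youtube_id($this->input->post('url_youtube')),
// and only the returned ID would go into atg_reviews.url_youtube.
$id = extract_youtube_id($posted);
var_dump($id);
echo $id === null ? 'rejected' : render_youtube_embed($id), PHP_EOL;

// Markup that points at any other host yields null and is rejected.
var_dump(extract_youtube_id('<embed src="http://example.test/v/GVw6i_gdUZ0"></embed>'));
```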