CodeIgniter Forums

Full Version: database INSERT and UPDATE converts symbols to html code
I have a registration form. If I enter a word such as can't, the INSERT and UPDATE functions replace the ' with  in the database.

It will display fine, but if I populate the form with database entries in order to edit the information, the field shows
can't with the html code for ' instead of the ' .

If I then re-submit the form after editing, the html code for '  is replaced by & and the html code for '  in the database, and so on. 

This is really bad for the user. Besides, I don't want the HTML code for ' to be stored in the database; I want the actual word can't. What can I do to prevent this?

Your table needs to be collated utf8_general_ci.
Your files should be encoded in UTF-8 too.
Add <meta charset="UTF-8"> in your layout.

Is that good for you?
(03-10-2016, 09:35 AM)keulu Wrote: Your table needs to be collated utf8_general_ci.
Your files should be encoded in UTF-8 too.
Add <meta charset="UTF-8"> in your layout.

Is that good for you?

Thanks for answering so quickly. I'll try that now.
The text is being inserted properly in the database now, and it is being displayed properly, but when I pre-populate the form for editing, the ' is still being converted. Why is that?

Did you try with a new insert, or editing an old entry?

A simple html_entity_decode() works, but you may have a deeper problem...
CI doesn't do such conversions unless you tell it to ... stop using global_xss_filtering, xss_clean() (you probably have that as a form validation rule), etc. on your inputs.
I am still having the problem with populating my form for editing. I have changed everything to utf8. I am only using standard rules in my form validation, such as required and regexes. Where else can I look?

The words are being inserted into my database fine, and displayed on the page fine - just the populating of the form for editing is a problem.

In my config file, I have $config['global_xss_filtering'] = FALSE;
Then you're somehow doing HTML escaping while populating your forms.
This is the code I use for the form:

PHP Code:
<div class="form-control">
    <?php echo form_label('Last Name: ', 'last_name'); ?><br />
    <?php
        // set_value() escapes the value, then form_input() escapes it again
        $attributes = array(
              'id' => 'last_name',
              'name' => 'last_name',
              'value' => set_value('last_name', $client->last_name)
        );
        echo form_input($attributes);
    ?>
</div> <!-- end of .form-control -->

In my controller, this is the only validation rule I am using for this input:
PHP Code:
$this->form_validation->set_rules('last_name', '<span>"Last Name"</span>', 'required');

This is where I get $client:
PHP Code:
'client' =>$this->registration_model->get_single_client($_SESSION['client_id']),   

And this is in my model:
PHP Code:
/* get a specific client */
public function get_single_client($client_id) {
    $query = $this->db->get('clients');
    // ... (the rest of the method is not shown in the post)
}

Where in any of this code am I doing HTML escaping?
You're actually doing it twice - once with form_input() and once with set_value() - resulting in double encoding.

form_input() will always apply HTML escaping, and that's fine - that's how it is supposed to work.
But you're passing it a value that was already escaped by set_value(), so now the '&amp;' becomes '&amp;amp;' ...
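
The double encoding described in the last reply, reproduced as an added example (not code from the thread or from CodeIgniter itself). `model_set_value()`, `model_form_input()` and `browser_field_value()` are hypothetical stand-ins that model only the escaping step of each helper with plain `htmlspecialchars()`, and the sample name is constructed.

```php
<?php
// Added illustration, not CodeIgniter source. The functions below are
// hypothetical stand-ins that model only the escaping step of each helper.

// Models set_value(): escapes by default, as the reply above describes.
function model_set_value(string $value, bool $escape = true): string
{
    return $escape ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
}

// Models form_input(): always escapes the value attribute.
function model_form_input(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// What a browser shows in the field (and later submits): the attribute
// value with exactly one level of entities decoded.
function browser_field_value(string $html): string
{
    preg_match('/value="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Simulate repeated edit-and-save cycles starting from a stored value.
function edit_cycles(string $stored, int $cycles, bool $escapeInSetValue): array
{
    $history = [$stored];
    for ($i = 0; $i < $cycles; $i++) {
        $html = model_form_input('last_name', model_set_value($stored, $escapeInSetValue));
        $stored = browser_field_value($html); // user saves without changing anything
        $history[] = $stored;
    }
    return $history;
}

$sample = "O'Brien & Sons"; // constructed sample input

echo "Escaped twice (as in the thread):\n";
print_r(edit_cycles($sample, 2, true));

echo "Escaped once, at output only:\n";
print_r(edit_cycles($sample, 2, false));
```

With two escaping layers the stored value gains one level of entities on every save; with a single layer it round-trips unchanged while the attribute is still escaped against markup injection. In CodeIgniter 3, `set_value()` takes a third argument, `$html_escape`, that can be set to `FALSE` when the result is passed to `form_input()`.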