![]() |
Uploading HTML Code - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: Uploading HTML Code (/showthread.php?tid=18176) |
Uploading HTML Code - El Forum - 04-28-2009 [eluser]webnology[/eluser] Hi all, when uploading concert reviews, we also provide the users to upload the embed code you find at YouTube: Normally the code should look like this: Code: <object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/GVw6i_gdUZ0&hl=nl&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/GVw6i_gdUZ0&hl=nl&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object> But when I upload this to the db, it inserts it as: Code: &lt;object width="425" height="344"&gt;&lt;param name="movie" value="http://www.youtube.com/v/KLsWDQ0w23E&hl=nl&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param>&lt;embed src="http://www.youtube.com/v/KLsWDQ0w23E&hl=nl&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"&gt;&lt;/embed>&lt;/object&gt; So all < and > are not added as they should. I've been trying modifications, but none work. Does anyone knwo why? My code is as follows (I took out the rest of the code): Code: $this->form_validation->set_rules('url_youtube', 'url_youtube', 'htmlspecialchars|xss_clean|trim'); The character set of the upload page is UTF-8. Kind regards, Michel [/code] Uploading HTML Code - El Forum - 04-28-2009 [eluser]Zeeshan Rasool[/eluser] Have you provided tinymce or text field? when you gets the record from db after inserting, then is this is in normal format or changed? Uploading HTML Code - El Forum - 04-28-2009 [eluser]xwero[/eluser] remove htmlspecialchars Uploading HTML Code - El Forum - 04-28-2009 [eluser]gomji9star[/eluser] remove Special characters when you insert the link in database Uploading HTML Code - El Forum - 04-28-2009 [eluser]webnology[/eluser] ok, did that. I also used then htmlspecialchars_decode to show it in the view. That's working fine :-) Thx guys. M Uploading HTML Code - El Forum - 04-28-2009 [eluser]xwero[/eluser] another option is to pre-process the posted value with strip_tags. Code: $_POST['url_youtube'] = strip_tags($_POST['url_youtube'],'<object><param><embed>'); |