Uploading HTML Code - Printable Version

Uploading HTML Code - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Uploading HTML Code (/showthread.php?tid=18176)

Uploading HTML Code - El Forum - 04-28-2009

[eluser]webnology[/eluser]
Hi all,

when uploading concert reviews, we also provide the users to upload the embed code you find at YouTube: Normally the code should look like this:

Code:
&lt;object width="425" height="344"&gt;&lt;param name="movie" value="http://www.youtube.com/v/GVw6i_gdUZ0&hl=nl&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param>&lt;embed src="http://www.youtube.com/v/GVw6i_gdUZ0&hl=nl&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"&gt;&lt;/embed>&lt;/object&gt;

But when I upload this to the db, it inserts it as:

Code:
&amp;lt;object width=&quot;425&quot; height=&quot;344&quot;&amp;gt;&amp;lt;param name=&quot;movie&quot; value=&quot;http://www.youtube.com/v/KLsWDQ0w23E&amp;hl=nl&amp;fs=1&quot;&gt;&lt;/param&gt;&lt;param name=&quot;allowFullScreen&quot; value=&quot;true&quot;&gt;&lt;/param&gt;&lt;param name=&quot;allowscriptaccess&quot; value=&quot;always&quot;&gt;&lt;/param&gt;&amp;lt;embed src=&quot;http://www.youtube.com/v/KLsWDQ0w23E&amp;hl=nl&amp;fs=1&quot; type=&quot;application/x-shockwave-flash&quot; allowscriptaccess=&quot;always&quot; allowfullscreen=&quot;true&quot; width=&quot;425&quot; height=&quot;344&quot;&amp;gt;&amp;lt;/embed&gt;&amp;lt;/object&amp;gt;

So all < and > are not added as they should. I've been trying modifications, but none work. Does anyone knwo why?

My code is as follows (I took out the rest of the code):

Code:
$this->form_validation->set_rules('url_youtube', 'url_youtube', 'htmlspecialchars|xss_clean|trim');

$formdata = array('url_youtube' => $this->input->post('url_youtube'));

$this->db->insert('atg_reviews', $formdata);

The character set of the upload page is UTF-8.

Kind regards,
Michel

[/code]

Uploading HTML Code - El Forum - 04-28-2009

[eluser]Zeeshan Rasool[/eluser]
Have you provided tinymce or text field?
when you gets the record from db after inserting, then is this is in normal format or changed?

Uploading HTML Code - El Forum - 04-28-2009

[eluser]xwero[/eluser]
remove htmlspecialchars

Uploading HTML Code - El Forum - 04-28-2009

[eluser]gomji9star[/eluser]
remove Special characters when you insert the link in database

Uploading HTML Code - El Forum - 04-28-2009

[eluser]webnology[/eluser]
ok, did that. I also used then htmlspecialchars_decode to show it in the view. That's working fine :-) Thx guys.

M

Uploading HTML Code - El Forum - 04-28-2009

[eluser]xwero[/eluser]
another option is to pre-process the posted value with strip_tags.

Code:
$_POST['url_youtube'] = strip_tags($_POST['url_youtube'],'&lt;object&gt;&lt;param>&lt;embed&gt;');

$this->form_validation->set_rules('url_youtube', 'url_youtube', 'xss_clean|trim');