CodeIgniter Forums
[Newbie] form_dropdown doesn't htmlencode?


[Newbie] form_dropdown doesn't htmlencode? - El Forum - 09-22-2010

[eluser]Unknown[/eluser]
Pretty simple question, just wanted to see if I'm doing this correctly.

I have a very simple dropdown that looks like this:

Code:
<?php
    $subjsArray = array('' => '< Select One >');
    foreach ($subjects as $subj) {
        $subjsArray[$subj['key']] = $subj['display'];
    }
    echo form_dropdown('subject', $subjsArray, $form_values->subject, 'id="subject"') . "\n";
?>

Basically what I've done (if it's not obvious enough) is take my $subjects array and add a < Select One > option first just so nothing is selected by default. What I've noticed is that nothing passed to form_dropdown is being encoded properly.

What I expected was:
Code:
<select name="subject" id="subject">
<option value="" selected="selected">&lt; Select One &gt;</option>
...
</select>

What I got was:
Code:
<select name="subject" id="subject">
<option value="" selected="selected">< Select One ></option>
...
</select>

Am I using the function correctly? (This is my first attempt at CI)

Thanks!

Brandon


[Newbie] form_dropdown doesn't htmlencode? - El Forum - 09-22-2010

[eluser]CroNiX[/eluser]
I'm not seeing your problem. The "what you expected" and "what you got" seem identical to me? If your greater than/less than in your default value are being converted to htmlentities, either get rid of them (are they necessary?) or run your $subj['display'] through htmlentities() in your loop.


[Newbie] form_dropdown doesn't htmlencode? - El Forum - 09-22-2010

[eluser]Unknown[/eluser]
Whoops, looks like the entities I typed got encoded for me (edited my post to show others what I meant).

I have no problems encoding all of the values in my array, just making sure I was expected to do it that way.

Not to rant on my first day here, but doesn't it seem like the form_dropdown function should be doing the encoding for me? I've always thought that if a function outputs the HTML it should be in charge of making it safe too.
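
Added example, not part of the original thread or of CodeIgniter's code: one way to escape a whole options array (including nested optgroup arrays) before it reaches a helper that, as the thread reports, writes keys and labels verbatim. The function names, the stand-in renderer and the sample data are constructed for illustration.

```php
<?php
// Added example, not from the thread or from CodeIgniter itself.

/** Escape every key and label; nested arrays (optgroups) are handled recursively. */
function escape_dropdown_options(array $options, $charset = 'UTF-8')
{
    $safe = array();
    foreach ($options as $key => $label) {
        $safeKey = htmlspecialchars((string) $key, ENT_QUOTES, $charset);
        $safe[$safeKey] = is_array($label)
            ? escape_dropdown_options($label, $charset)
            : htmlspecialchars((string) $label, ENT_QUOTES, $charset);
    }
    return $safe;
}

/** Hypothetical stand-in for the helper: writes keys and labels verbatim. */
function render_options_verbatim(array $options)
{
    $html = '';
    foreach ($options as $key => $label) {
        if (is_array($label)) {
            $html .= '<optgroup label="' . $key . '">' . "\n"
                   . render_options_verbatim($label) . "</optgroup>\n";
        } else {
            $html .= '<option value="' . $key . '">' . $label . "</option>\n";
        }
    }
    return $html;
}

// Constructed sample data in the shape used in the first post.
$subjects = array(
    array('key' => 'r&d',  'display' => 'R&D <Labs>'),
    array('key' => 'q"1"', 'display' => 'Owner\'s "Guide"'),
);

$subjsArray = array('' => '< Select One >');
foreach ($subjects as $subj) {
    $subjsArray[$subj['key']] = $subj['display'];
}
$subjsArray['Archive <old>'] = array('x<1' => 'Item < 1'); // nested array = optgroup

echo "Verbatim:\n", render_options_verbatim($subjsArray), "\n";
echo "Escaped:\n", render_options_verbatim(escape_dropdown_options($subjsArray));
```

In a view, the escaped array would be passed to form_dropdown in place of $subjsArray. Because the keys are escaped too, the selected value has to go through the same htmlspecialchars call so it still matches its option.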