+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: active record double-quote issue (/showthread.php?tid=40160)
active record double-quote issue - El Forum - 03-31-2011
[eluser]jupiter1031[/eluser]
I am using active record for updating and inserting data. Now I have an input field that requires double quotes. The system just rejects the input.Single quotes worked but the client wants double quotes. The documentations says everything is automatically escaped.
active record double-quote issue - El Forum - 03-31-2011
[eluser]InsiteFX[/eluser]
This all done to prevent SQL Injection, this what you have to try to explain to your customer!
InsiteFX
active record double-quote issue - El Forum - 03-31-2011
[eluser]jupiter1031[/eluser]
Ok, thank you!
But this still leaves me with the question how to enter double quotes in a form input. Anz suggestions for that?
active record double-quote issue - El Forum - 03-31-2011
[eluser]InsiteFX[/eluser]
You could also create your MY_form_helper from form_help and add your fix, but I would not recommend this!
This is the function that is causing you your problem in the form_helper!
Code:
function form_prep($str = '', $field_name = '')InsiteFX
active record double-quote issue - El Forum - 03-31-2011
[eluser]Madmartigan1[/eluser]
Quote:The system just rejects the input.
This could be a lot clearer. There's no good reason you wouldn't be able to $_POST quotes, or save them to the database. Do you think that nobody uses quotes???