CodeIgniter Forums
form_prep is not implemented in the form_dropdown helper ? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: form_prep is not implemented in the form_dropdown helper ? (/thread-43631.html)



form_prep is not implemented in the form_dropdown helper ? - El Forum - 07-19-2011

[eluser]Unknown[/eluser]
I think the helper form_prep is not working in the formdropdown.
Someone talked about this few years ago in this topic.
It has been resolved for the textarea helper but not for the form_dropdown...

Please tell me if there is something that I don't understand but the user guide seems clear about that :
Quote:Note: If you use any of the form helper functions listed in this page the form values will be prepped automatically, so there is no need to call this function. Use it only if you are creating your own form elements.

If my bug is really a bug, it's a big security failure.
Fortunately, I think it's not hard to fix...


form_prep is not implemented in the form_dropdown helper ? - El Forum - 07-19-2011

[eluser]Aken[/eluser]
Confirmed on a 2.0.2 install, no form_prep() action inside the form_dropdown() function.

I wouldn't call it a big security failure, though. All it will do is mess up your HTML output for the forms. Your back end should still protect against any sort of shenanigans sent through the form, whether they're caused by a sneaky user or a misplaced quote.