+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: database INSERT and UPDATE converts symbols to html code (/showthread.php?tid=64597)
Pages:
1
2
database INSERT and UPDATE converts symbols to html code - webmachine - 03-10-2016
I have a registration form. If I enter a word such as can't, the INSERT and UPDATE functions replace the ' with in the database.
It will display fine, but if I populate the form with database entries in order to edit the information, the field shows
can't with the html code for ' instead of the ' .
If I then re-submit the form after editing, the html code for ' is replaced by & and the html code for ' in the database, and so on.
This is really bad for the user. Besides I don't want the html code
for ' to be stored in the database, I want the actual word can't. What can I do to prevent this?
RE: database INSERT and UPDATE converts symbols to html code - keulu - 03-10-2016
your table need to be collate utf8_general_ci.
your files encoding UTF-8 too
add <meta charset="UTF-8"> in your layout
is that good for you ?
RE: database INSERT and UPDATE converts symbols to html code - webmachine - 03-10-2016
(03-10-2016, 09:35 AM)keulu Wrote: your table need to be collate utf8_general_ci.
your files encoding UTF-8 too
add <meta charset="UTF-8"> in your layout
is that good for you ?
Thanks for answering so quickly. I'll try that now.
RE: database INSERT and UPDATE converts symbols to html code - webmachine - 03-10-2016
The text is being insert properly in the database now, and it is being displayed properly, but when I pre-populate the form for editing, the ' is still being converted. Why is that?
RE: database INSERT and UPDATE converts symbols to html code - keulu - 03-10-2016
strange...
did you try with a new insert ? or editing an old entry ?
a simple html_entity_decode() work, but you maybe have a more deep problem...
RE: database INSERT and UPDATE converts symbols to html code - Narf - 03-10-2016
CI doesn't do such conversions unless you tell it to ... stop using global_xss_filtering, xss_clean() (you probably have that as a form validation rule), etc. on your inputs.
RE: database INSERT and UPDATE converts symbols to html code - webmachine - 03-10-2016
I am still having the problem with populating my form for editing. I have changed everything to utf8. I am only using standard rules in my form validation such as required, and Regex's. Where else can I look?
The words are being inserted into my database fine, and displayed on the page fine - just the populating of the form for editing is a problem.
In my config file, I have $config['global_xss_filtering'] = FALSE;
RE: database INSERT and UPDATE converts symbols to html code - Narf - 03-11-2016
Then you're somehow doing HTML escaping while populating your forms.
RE: database INSERT and UPDATE converts symbols to html code - webmachine - 03-11-2016
This is the code I use for the form:
PHP Code:
<div class="form-control">
<?php echo form_label('Last Name: ', 'last_name'); ?><br />
<?php
$attributes = array(
'id' => 'last_name',
'name' => 'last_name',
'value' => set_value('last_name', $client->last_name)
);
echo form_input($attributes);
?>
</div> <!-- end of .form-control -->
In my controller, this is the only validation rule I am using for this input:
PHP Code:
$this->form_validation->set_rules('last_name', '<span>"Last Name"</span>', 'required');
This is where I get $client:
PHP Code:
'client' =>$this->registration_model->get_single_client($_SESSION['client_id']),
And this is in my model:
PHP Code:
/*
* get a specific client
*/
public function get_single_client($client_id) {
$this->db->where('id', $client_id);
$query = $this->db->get('clients');
return $query->row();
}
Where in any of this code am I doing HTML escaping?
RE: database INSERT and UPDATE converts symbols to html code - Narf - 03-11-2016
You're actually doing it twice - once with form_input() and once with set_value() - resulting in double encoding.
form_input() will always apply HTML escaping, and that's fine - that's how it is supposed to work.
But you're passing it a value that was already escaped by set_value(), so now the '&' becomes '&amp;' ...
http://www.codeigniter.com/userguide3/helpers/form_helper.html#set_value