Safe data from database
[eluser]Jagar[/eluser]
Is there any way to return safe data from the database in CI? I tried to insert something with quotes; it does insert properly using the Mysql_real_escape_string function, but when getting it back, the form does not display properly. Thanks
[eluser]janogarcia[/eluser]
Hi, have you tried using the Form helper to generate your form fields, or alternatively the form_prep() function?
[eluser]Thorpe Obazee[/eluser]
[quote author="Jagar" date="1242948503"]Is there any way to return safe data from the database in CI? I tried to insert something with quotes; it does insert properly using the Mysql_real_escape_string function, but when getting it back, the form does not display properly. Thanks[/quote] How does it 'not display properly'?
[eluser]Jagar[/eluser]
The site is on an intranet, and not many people will be using it, but there are stupid people who will mess with it and will do anything to crash it. I have a form (without using the form helper); it adds certain data, so I was inserting the weirdest strings I could think of, such as Code: [removed] Thanks!
[eluser]Jagar[/eluser]
I didn't know it would remove JavaScript; what I had was JavaScript tags with no closing double quote.
[eluser]Tom Schlick[/eluser]
Google HTML Purifier; it has a lot of options for escaping things and replacing them with entities. It can easily be dropped in as a CI library.
[eluser]Jagar[/eluser]
About form_prep: if I apply form_prep to results coming from the database and then load them into the form, for editing for example, is it going to change them back to normal HTML, or will they be saved as what form_prep changed them to?
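The two escaping contexts raised in this thread, as an added example that is not part of any post and is not CodeIgniter's own code: SQL escaping (here a bound parameter) only protects the query, so the raw text is what gets stored, and HTML escaping is applied separately each time the value is written into a form. Plain PHP `htmlspecialchars()` stands in for the form helper; the `notes` table, the `escape_for_form()` and `render_input()` helpers, the sample input and the use of the pdo_sqlite extension are all assumptions.

```php
<?php
// Added example: store raw text, escape only when writing into HTML.
// Assumes the pdo_sqlite extension; table and helper names are hypothetical.

function escape_for_form(string $value): string
{
    // Escapes & < > " ' so the value cannot end the attribute or open a tag.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_input(string $name, string $value): string
{
    return '<input type="text" name="' . escape_for_form($name)
         . '" value="' . escape_for_form($value) . '">';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT)');

// Constructed input containing both quote types and markup.
$input = 'O\'Reilly said "hello" <b>now</b>';

// SQL context: a bound parameter keeps the text intact in the database.
$db->prepare('INSERT INTO notes (title) VALUES (?)')->execute([$input]);
$stored = $db->query('SELECT title FROM notes WHERE id = 1')->fetchColumn();

// HTML context: escape at output time only, never before saving.
$html = render_input('title', $stored);
echo $html, PHP_EOL;

// The browser decodes entities when it parses the attribute, so the edit
// form posts the original characters back; html_entity_decode() simulates
// that step here.
preg_match('/value="([^"]*)"/', $html, $m);
$posted = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');

var_dump($stored === $input);   // the database holds the raw text
var_dump($posted === $stored);  // the round trip through the form changes nothing
```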