database INSERT and UPDATE converts symbols to html code
I have a registration form. If I enter a word such as can't, the INSERT and UPDATE functions replace the ' with in the database.
It will display fine, but if I populate the form with database entries in order to edit the information, the field shows can't with the html code for ' instead of the ' . If I then re-submit the form after editing, the html code for ' is replaced by & and the html code for ' in the database, and so on. This is really bad for the user. Besides I don't want the html code for ' to be stored in the database, I want the actual word can't. What can I do to prevent this?
The text is being inserted properly in the database now, and it is being displayed properly, but when I pre-populate the form for editing, the ' is still being converted. Why is that?
I am still having the problem with populating my form for editing. I have changed everything to utf8. I am only using standard rules in my form validation such as required, and Regex's. Where else can I look?
The words are being inserted into my database fine, and displayed on the page fine - just the populating of the form for editing is a problem. In my config file, I have $config['global_xss_filtering'] = FALSE;
This is the code I use for the form:
PHP Code:
<div class="form-control">
In my controller, this is the only validation rule I am using for this input:
PHP Code:
$this->form_validation->set_rules('last_name', '<span>"Last Name"</span>', 'required');
This is where I get $client:
PHP Code:
'client' =>$this->registration_model->get_single_client($_SESSION['client_id']),
And this is in my model:
PHP Code:
/*
Where in any of this code am I doing HTML escaping?
You're actually doing it twice - once with form_input() and once with set_value() - resulting in double encoding.
form_input() will always apply HTML escaping, and that's fine - that's how it is supposed to work. But you're passing it a value that was already escaped by set_value(), so now the '&' becomes '&amp;' ... http://www.codeigniter.com/userguide3/he...#set_value
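The double encoding described in the answer above can be reproduced outside the framework. This is an added example, not code from the thread or from CodeIgniter: `demo_set_value()`, `demo_form_input()` and `browser_submits()` are hypothetical stand-ins that model only the escaping step of each helper and the single decode a browser performs on submit.

```php
<?php
// Simplified stand-ins for the two helpers named in the answer (assumption:
// they model only the escaping step, not the real CodeIgniter code).
function demo_set_value(array $post, string $field, string $default, bool $html_escape = true): string
{
    $value = $post[$field] ?? $default;
    return $html_escape ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
}

function demo_form_input(string $name, string $value): string
{
    // The input helper always escapes the value it writes into the attribute.
    return '<input type="text" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

// What the browser hands back on submit: the attribute value decoded once.
function browser_submits(string $html): string
{
    preg_match('/value="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

$stored = "can't";  // constructed sample value, as stored in the database

// Escaped twice: each edit/save cycle adds another layer of encoding.
$value = $stored;
for ($cycle = 1; $cycle <= 2; $cycle++) {
    $value = browser_submits(demo_form_input('last_name', demo_set_value([], 'last_name', $value)));
    echo "double-escaped, after save $cycle: $value\n";
}

// Escaped once: the pre-fill step returns the raw value, the input helper escapes it.
$value = browser_submits(demo_form_input('last_name', demo_set_value([], 'last_name', $stored, false)));
echo "escaped once, after save: $value\n";
```

In CodeIgniter 3 the corresponding change is to pass FALSE as the third (`$html_escape`) argument of `set_value()` when its result is handed to `form_input()`, so the value is escaped exactly once, at output, and the database keeps the raw text.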