html_escape on set_value
#1

[eluser]royduin[/eluser]
Hi!

For this example I've got an input in a view:

Code:
<input type="text" name="name" value="<? echo set_value('name'); ?>" />

If the form is submitted it will run through the form_validation in its controller. If it fails the value will be returned to the view. But if I fill in:
Code:
"><h1>It works!</h1>

The result will be:
Code:
<input type="text" name="name" value=""><h1>It works!</h1>" />

After the validation I see the H1! So it's not escaping with htmlspecialchars or CI's own function: html_escape.

What's the best solution to fix this and how did you fix this?

Just run it through html_escape in the view, like this?
Code:
<input type="text" name="name" value="<? echo html_escape(set_value('name')); ?>" />

Thanks!
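
The behaviour described in the post above, as an added example that is not part of the original post or of CodeIgniter: it renders the field once with the raw value and once escaped for the attribute context, then parses both results to see whether the value stayed inside the `value` attribute. The helper names (`posted_value`, `attr_escape`, `render_input`, `inspect_markup`) are hypothetical, `htmlspecialchars` is called directly so the script runs without the framework, and PHP's DOM extension is assumed to be available.

```php
<?php
// Hypothetical stand-in for the value handed back to the view after a failed
// validation: returns the submitted string unchanged, as the post observes.
function posted_value(array $post, string $field): string
{
    return isset($post[$field]) ? (string) $post[$field] : '';
}

// Escape for an HTML attribute context. ENT_QUOTES encodes both " and ',
// so the value cannot close the attribute it is placed in.
function attr_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function render_input(string $value): string
{
    return '<input type="text" name="name" value="' . $value . '" />';
}

// Parse the rendered markup and report what an HTML parser sees: the value
// attribute it reads back, and any elements other than the input itself.
function inspect_markup(string $html): array
{
    libxml_use_internal_errors(true);   // tolerate the broken markup quietly
    $doc = new DOMDocument();
    $doc->loadHTML('<body>' . $html . '</body>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    $extra = [];
    foreach ($body->getElementsByTagName('*') as $el) {
        if ($el->nodeName !== 'input') {
            $extra[] = $el->nodeName;
        }
    }
    $input = $doc->getElementsByTagName('input')->item(0);
    return ['value' => $input->getAttribute('value'), 'extra' => $extra];
}

$post = ['name' => '"><h1>It works!</h1>'];   // constructed input: the string from the post
$raw  = posted_value($post, 'name');

foreach (['raw' => $raw, 'escaped' => attr_escape($raw)] as $label => $value) {
    $html = render_input($value);
    $seen = inspect_markup($html);
    printf("%-8s %s\n", $label, $html);
    printf("         value reads back as submitted: %s, other elements: [%s]\n",
        $seen['value'] === $raw ? 'yes' : 'no', implode(', ', $seen['extra']));
}
```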

