html_escape on set_value
#6

[eluser]royduin[/eluser]
OK, a little addition:
The problem is apparently the default value, not the returned value from set_value, that's likely escaped. Can someone confirm that the value returned from set_value is escaped?

OK:
Code:
<input type="text" name="name" value="<? echo set_value('name'); ?>" />
LIKE:
Code:
<input type="text" name="name" value=""><h1>It works!</h1>" />

Not OK (when the form is successfully submitted, but when you go back to the form and $name is the value pasted in):
Code:
<input type="text" name="name" value="<? echo set_value('name',$name); ?>" />
LIKE:
Code:
<input type="text" name="name" value=""><h1>It works!</h1>" />

Solution:
Code:
<input type="text" name="name" value="<? echo set_value('name',html_escape($name)); ?>" />
WILL BE:
Code:
<input type="text" name="name" value="&quot;&gt;&lt;h1&gt;It works!&lt;/h1&gt;" />
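
Added example, not part of the original post and not CodeIgniter's own code: a stand-alone model of the behaviour described above, showing which combinations leave the `value` attribute intact and what happens if an already-escaped value is escaped a second time. `demo_escape`, `demo_set_value` and `demo_input` are hypothetical stand-ins, and the "submitted value is escaped, default is passed through" rule is an assumption taken from the post.

```php
<?php
// Stand-alone model; nothing here calls CodeIgniter.
// Assumption (from the post): a submitted value comes back escaped,
// a supplied default comes back exactly as it was passed in.

// Hypothetical stand-in for html_escape(), built on PHP's htmlspecialchars().
function demo_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Hypothetical stand-in for set_value(), modelling the observed behaviour.
function demo_set_value(array $post, string $field, string $default = ''): string
{
    if (isset($post[$field])) {
        return demo_escape((string) $post[$field]); // submitted value: escaped
    }
    return $default;                                 // default: passed through
}

function demo_input(string $value): string
{
    return '<input type="text" name="name" value="' . $value . '" />';
}

$name = '"><h1>It works!</h1>';   // constructed sample value, same as in the post
$post = ['name' => $name];        // constructed sample form submission

$cases = [
    'default, unescaped'       => demo_input(demo_set_value([], 'name', $name)),
    'default, escaped'         => demo_input(demo_set_value([], 'name', demo_escape($name))),
    'submitted'                => demo_input(demo_set_value($post, 'name', $name)),
    // Escaping the whole result a second time keeps the attribute intact,
    // but the user then sees literal "&quot;&gt;..." text in the field.
    'submitted, escaped again' => demo_input(demo_escape(demo_set_value($post, 'name'))),
];

foreach ($cases as $label => $html) {
    // The attribute is intact when no raw quote or angle bracket sits inside value="...".
    preg_match('/value="(.*)" \/>$/', $html, $m);
    $intact = !preg_match('/["<>]/', $m[1]);
    printf("%-26s %-7s %s\n", $label, $intact ? 'intact' : 'BROKEN', $html);
}
```

Only the first case breaks out of the attribute; the last case is safe but double-encoded, which is why the escape belongs on the default alone when the submitted value is already escaped.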

