Login

FnX · 08-05-2015, 11:30 AM

(08-05-2015, 06:18 AM)Avenirer Wrote: actually, the set_value() always escaped the output. The new third parameter was created to allow you NOT to escape the value (if you set it to FALSE). But you are right about form_input() escaping values. Could you show me how you did the workaround?

I think you're wrong about the previous escaping of set_value(). This was the previous version (I downloaded it Nov 2011) :

PHP Code:
    function set_value($field = '', $default = '')
    {
        if (FALSE === ($OBJ =& _get_validation_object()))
        {
            if ( ! isset($_POST[$field]))
            {
                return $default;
            }

            return form_prep($_POST[$field], $field);
        }

        return form_prep($OBJ->set_value($field, $default), $field);
    } 

This is the CI3 version :

PHP Code:
    function set_value($field, $default = '', $html_escape = TRUE)
    {
        $CI =& get_instance();

        $value = (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
            ? $CI->form_validation->set_value($field, $default)
            : $CI->input->post($field, FALSE);

        isset($value) OR $value = $default;
        return ($html_escape) ? html_escape($value) : $value;
    } 

This is my workaround in the MY_form_helper.php :

PHP Code:
    function set_value($field, $default = '', $html_escape = FALSE)
    {
        $CI =& get_instance();

        $value = (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
            ? $CI->form_validation->set_value($field, $default)
            : $CI->input->post($field, FALSE);

        isset($value) OR $value = $default;
        return ($html_escape) ? html_escape($value) : $value;
    } 