Sanitizing Form inputs from quotes (' and ")
#4

While RobertSF's advice is good if/when you're extending helpers, I want to make my point a little clearer: you should revert your form_helper back to the original version and set your values using set_value(). Even if you continue to use the form_input() helper, the $value parameter should be passed to set_value() first.

This will ensure the original value is retrieved from the form_validation library if a rule was used to validate that field. Otherwise, you're retrieving the data which has already been processed by the library (usually with the intent of storing it in the database), and you may be double-/triple-encoding your data at this point, and potentially creating errors in your output (or worse, opening yourself to the very attacks you were trying to prevent with the XSS filtering).
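As an added illustration of the point made in this post (example code, not mwhitney's code and not part of the CodeIgniter project itself), here is a CodeIgniter 3 style controller and view. The helper and library calls (form_input(), set_value(), form_validation) are the framework's real ones; the field names, rules and the "bad" helper are constructed for the example.

```php
<?php
// Controller: application/controllers/Profile.php (example, not project code)
class Profile extends CI_Controller
{
    public function edit()
    {
        $this->load->helper('form');
        $this->load->library('form_validation');

        // A rule on the field is what makes set_value() read back the
        // form_validation library's copy of the submitted value.
        $this->form_validation->set_rules('display_name', 'Display name',
            'required|max_length[40]|trim');

        if ($this->form_validation->run() === FALSE) {
            // Validation failed: redisplay the form with what the user typed.
            $this->load->view('profile_edit');
            return;
        }

        // Only here, after validation passed, do we fetch the cleaned value
        // for storage. This copy is never echoed straight back into the form.
        $clean = $this->input->post('display_name', TRUE); // xss_clean'ed
        // ... store $clean ...
        redirect('profile');
    }
}
```

The view shows the two approaches side by side. The "WRONG" branch reuses an already processed value and runs it through escaping a second time, which is the double-encoding the post warns about; the "RIGHT" branch lets set_value() pull the original value and, because form_input() escapes the value attribute itself in CI 3, passes FALSE as the third argument so the value is escaped exactly once.

```php
<?php
// View: application/views/profile_edit.php (example, not project code)
echo form_open('profile/edit');

// WRONG: the value was already XSS-filtered and html-escaped once, and
// form_input() escapes it again. A quote becomes &amp;quot; on the second
// round trip, so the field is corrupted and cleaning may no longer apply
// to what the user actually sees and resubmits.
$already_processed = html_escape($this->input->post('display_name', TRUE));
// echo form_input('display_name', $already_processed);

// RIGHT: set_value() retrieves the value held by form_validation (or the raw
// POST value if no rule was set), and form_input() performs the one and only
// escaping step when it renders the value attribute.
echo form_input(array(
    'name'  => 'display_name',
    'id'    => 'display_name',
    'value' => set_value('display_name', '', FALSE),
));

echo form_error('display_name');
echo form_submit('save', 'Save');
echo form_close();
```

The pattern to keep in mind: validate and filter once on the way in, escape once on the way out, and never feed the output of one layer back into the other as if it were raw input.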
RE: Sanitizing Form inputs form quotes (' and ") - by mwhitney - 12-30-2014, 04:27 PM