Welcome Guest, Not a member yet? Register   Sign In
Sanitizing Form inputs form quotes (' and ")

(01-03-2015, 05:28 PM)RobertSF Wrote:
(12-30-2014, 10:41 PM)sujit510 Wrote: why CI maintainers haven't addressed this issue yet?
You mean the conversion of quotes to "? Well, I think that's really a PHP issue. It's PHP that is doing the conversion, and Codeigniter just isn't reversing the conversion. I believe later versions of PHP don't do that anymore. Also, somebody might have actually wanted that conversion to happen, and then they would have complained that Codeigniter reversed the desired conversion.

It's an HTML issue. If you don't convert the quotes when outputting the value to a view, you run the risk of getting broken HTML in your output, e.g.:

<input type='text' name='something' value='This isn't what I intended at all' />

Which would, at best, give you a text box with the value This isn followed by a bunch of invalid attributes. One of the common outcomes would look like this:

<input type='text' name='something' value='This isn' t='t' what='what' I='I' intended='intended' at='at' all='all' />

Messages In This Thread
RE: Sanitizing Form inputs form quotes (' and ") - by mwhitney - 01-05-2015, 01:14 PM

Theme © iAndrew 2016 - Forum software by © MyBB