Sanitizing Form inputs form quotes (' and ")
#9

(01-03-2015, 05:28 PM)RobertSF Wrote:
(12-30-2014, 10:41 PM)sujit510 Wrote: Why haven't the CI maintainers addressed this issue yet?
You mean the conversion of quotes to "? Well, I think that's really a PHP issue. It's PHP that is doing the conversion, and Codeigniter just isn't reversing the conversion. I believe later versions of PHP don't do that anymore. Also, somebody might have actually wanted that conversion to happen, and then they would have complained that Codeigniter reversed the desired conversion.

It's an HTML issue. If you don't convert the quotes when outputting the value to a view, you run the risk of getting broken HTML in your output, e.g.:


Code:
<input type='text' name='something' value='This isn't what I intended at all' />

That would, at best, give you a text box with the value "This isn" followed by a bunch of invalid attributes. One of the common outcomes would look like this:

Code:
<input type='text' name='something' value='This isn' t='t' what='what' I='I' intended='intended' at='at' all='all' />
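An added example (not code from the post above or from CodeIgniter) that reproduces the broken attribute from the post, the output-time escaping that prevents it, and what an HTML parser actually reads back as the value; it assumes the PHP CLI with the dom extension.

```php
<?php
// Added example, not code from the forum post or from CodeIgniter itself.

// Escape a value for an HTML attribute or text node. ENT_QUOTES encodes
// both ' and " (as &#039; and &quot;), so the result is safe in single- or
// double-quoted attributes; ENT_SUBSTITUTE yields U+FFFD instead of an empty
// string when the input is not valid UTF-8.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable: the raw value is interpolated into a single-quoted attribute.
// The first ' in the value closes the attribute early and the remaining
// words turn into bogus attributes, exactly as in the post above.
function renderUnescaped(string $value): string
{
    return "<input type='text' name='something' value='$value' />";
}

// Fixed: escape at output time, in the view, for the attribute context.
function renderEscaped(string $value): string
{
    return "<input type='text' name='something' value='" . attr($value) . "' />";
}

// What a browser would see as the value attribute. libxml recovers from the
// malformed markup, so its warnings are collected and discarded.
function parsedValue(string $html): string
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : '';
}

// Constructed sample inputs: the sentence from the post, and a value that
// also carries double quotes, an ampersand and a tag.
$samples = ["This isn't what I intended at all", 'say "hi" & <b>bold</b>'];

foreach ($samples as $value) {
    $raw = renderUnescaped($value);
    $safe = renderEscaped($value);
    echo "unescaped: $raw\n  parser reads: ", parsedValue($raw), "\n";
    echo "escaped:   $safe\n  parser reads: ", parsedValue($safe), "\n\n";
}
```

CodeIgniter 3 ships an html_escape() helper in system/core/Common.php that wraps htmlspecialchars() with ENT_QUOTES in the same way; attr() here only keeps the snippet runnable outside the framework.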


Messages In This Thread
RE: Sanitizing Form inputs form quotes (' and ") - by mwhitney - 01-05-2015, 01:14 PM


