Form validation set_value() and html tags
#1

I have a form containing a TinyMCE text area.
In my CI 2.x project, the text was formatted correctly. In CI 3 however, all html tags show up in the editor box.
Any solution?
Reply
#2

Hm... I use CKEditor without any trouble. How do you save the values into the DB? Are they in pure HTML? Please provide us with a small example.

Reply
#3

Saving the post data into the database is done by using the update_string() function in the database helper. I checked this, and the posts are saved in the same format as before.
If I omit the set_value() function (as part of form validation) and just put the value of the field directly into the text area, everything is OK. So, I assume that the set_value() function in the new CI version is acting differently than before.

Working:
Code:
echo form_textarea('mytext',$mytext);

Not working:
Code:
echo form_textarea('mytext',set_value('mytext',$mytext));
Reply
#4

You're right... there is now a third parameter for the HTML escaping:

http://www.codeigniter.com/userguide3/he...#set_value

Reply
#5

I tried set_value() with a boolean as the third parameter, but neither TRUE nor FALSE makes any difference.
Does the third parameter expect something else? It's not in the documentation.
Reply
#6

Today, I ran into this problem again. On one of my pages, I replaced TinyMCE with CKEditor, but with the same disappointing result. When using set_value(), my textarea is populated with text that contains HTML tags, e.g. <p> ... </p>. If I leave out set_value(), the value is as it should be. In CI 2.x this was not an issue. What's wrong with CI 3's set_value (or form helper) that ruins my text areas?
Reply
#7

(This post was last modified: 03-18-2015, 02:27 PM by silentium. Edit Reason: spelling fix )

I took a quick look at the CI form helper source code and found out that the form_textarea() method does HTML escaping on the value already.

From /system/helpers/form_helper.php line 290
PHP Code:
return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.html_escape($val)."</textarea>\n";

As you see, it uses the common function html_escape($val) to html escape the value. Since it is doing this, it makes the use of set_value() redundant. And the issue you have is double escaping, since it works when you don't use set_value() in the form_textarea() function.

The change between CI2 and CI3 is in html_escape() (former form_prep() in CI2). CI2 checked if a field had already been escaped or not, CI3 seems to be missing this check.

But again, the correct use of form_textarea() is to not use set_value() as it already does the necessary escaping.

Hope this clears things up for you.
Reply
#8

@Silentium: thanks! Now I understand why the textarea has html tags and also html entities (when I look at the html source in my TinyMCE editor).
But the set_value() function has another purpose: re-populating a form when the posted values don't meet the form_validation rules.
In order to get that working for textareas, I've added this function to MY_form_helper.php:
PHP Code:
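function set_ta_value($field, $tv = NULL)
{
    $CI =& get_instance();
    // Prefer the submitted value so the textarea is re-populated after failed validation
    if ($CI->input->post($field)) return $CI->input->post($field);
    // Otherwise fall back to the supplied default; form_textarea() escapes it on output
    return $tv;
}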

Works really great now.
Reply
#9

(This post was last modified: 03-19-2015, 03:11 PM by silentium. Edit Reason: changed last paragraph )

(03-19-2015, 11:05 AM)Wouter60 Wrote: @Silentium: thanks! Now I understand why the textarea has html tags and also html entities (when I look at the html source in my TinyMCE editor).
But the set_value() function has another purpose: re-populating a form when the posted values don't meet the form_validation rules.

You are correct, I forgot that you can also use it to re-populate the form fields. I believe that is why CI2 checked if a field had already been escaped or not.

However, you should still be able to use it since you can set the third parameter to FALSE to make set_value() not escape the data.
Reply
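
The double escaping discussed in posts #7 to #9, as an added example that is not part of the thread or of CodeIgniter's own code. `escape_html()`, `repopulate()`, `render_textarea()` and `editor_sees()` are hypothetical stand-ins for html_escape(), set_value(), form_textarea() and the browser's entity decoding, and the sample values are constructed; it runs without the framework and shows that exactly one escape at output keeps both the editor content and the textarea boundary intact.

```php
<?php
// Stand-in for the escaping step; CodeIgniter's html_escape() is not loaded here.
function escape_html($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical stand-in for set_value(): prefer the posted value, escape unless told not to.
function repopulate(array $post, $field, $default = '', $escape = true)
{
    $value = isset($post[$field]) ? $post[$field] : $default;
    return $escape ? escape_html($value) : $value;
}

// Hypothetical stand-in for form_textarea(): always escapes, like the helper line quoted in post #7.
function render_textarea($name, $value)
{
    return '<textarea name="'.escape_html($name).'">'.escape_html($value)."</textarea>\n";
}

// What the browser hands to the editor: the textarea body with one level of entities decoded.
function editor_sees($html)
{
    preg_match('#<textarea[^>]*>(.*)</textarea>#s', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: stored rich text, and a re-submitted value containing a closing tag.
$stored = '<p>Hello <strong>world</strong></p>';
$post   = array('mytext' => '</textarea><b>outside the field</b>');

$cases = array(
    'default only, helper escapes once'    => render_textarea('mytext', $stored),
    'escaped twice (the reported symptom)' => render_textarea('mytext', repopulate(array(), 'mytext', $stored)),
    'escape flag off, helper escapes once' => render_textarea('mytext', repopulate(array(), 'mytext', $stored, false)),
    'posted value, escape flag off'        => render_textarea('mytext', repopulate($post, 'mytext', $stored, false)),
);

foreach ($cases as $label => $html) {
    echo $label, "\n  markup: ", trim($html), "\n  editor: ", editor_sees($html), "\n";
}
```

In the last case the posted closing tag stays inside the field as text because the rendering step still escapes it once, which is why turning off escaping in the re-population step is only safe when the output helper does the escaping.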
#10

This must be a fairly recent change, I ran into this today after changing to the "CodeIgniter-3.0rc3" system from a Jan 2015 3.0.0 "CodeIgniter-develop" system.

This info needs to go in the upgrade documentation too as it's a backward compatibility breaker.

http://www.codeigniter.com/userguide3/in...e_300.html
Reply



