Form validation set_value() and html tags |
I have a form containing a TinyMCE text area.
In my CI 2.x project, the text was formatted correctly. In CI 3 however, all html tags show up in the editor box. Any solution?
Hm .. i use ckeditor without any trouble. How do you save the values into the db? There are in pure html? Please provide us with a small example.
Saving the post data into the databases is done by using the update_string() function in the database helper. I checked this, and the posts are saved in the same format as before.
If I omit the set_value() function (as part of form-validation) and just put the value of the field directly into the text area, everything is ok. So, I assume that the set_value() function in the new CI version is acting different than before. Working: Code: echo form_textarea('mytext',$mytext); Not working: Code: echo form_textarea('mytext',set_value('mytext',$mytext));
You're right .. there are now a third parameter for the HTML escaping:
http://www.codeigniter.com/userguide3/he...#set_value
I tried set_value() with a boolean as third parameter, but neither TRUE or FALSE makes any difference.
Does the third parameter expect something else? It's not in the documentation.
Today, I ran into this problem again. On one of my pages, I replaced TinyMCE by CKEditor. But with the same disappointing result. When using set_value(), my textarea is populated with text that contains html-tags e.g. <p> ... </p>. If I leave out set_value(), the value is as it should be. In CI 2.x this was not an issue. What's wrong with CI 3's set_value (or form helper) that ruins my text area's?
03-18-2015, 02:26 PM
(This post was last modified: 03-18-2015, 02:27 PM by silentium. Edit Reason: spelling fix )
I took a quick look at the CI form helper source code and found out that form_textarea() method do HTML escaping on the value already.
From /system/helpers/form_helper.php line 290 PHP Code: return '<textarea '._parse_form_attributes($data, $defaults).$extra.'>'.html_escape($val)."</textarea>\n"; As you see, it uses the common function html_escape($val) to html escape the value. Since it is doing this, it makes the use of set_value() redundant. And the issue you have is double escaping, since it works when you don't use set_value() in the form_textarea() function. The change between CI2 and CI3 is in html_escape() (former form_prep() in CI2). CI2 checked if a field had already been escaped or not, CI3 seems to be missing this check. But again, the correct use of form_textarea() is to not use set_value() as it already do the necessary escaping. Hope this clear things up for you.
@Silentium: thanks! Now I understand why the textarea has html tags and also html entities (when I look at the html source in my TinyMCE editor).
But the set_value() function has another purpose: re-populating a form when the posted values don't meet the form_validation rules. In order to get that working for textarea's, I've added this function to MY_form_helper.php: PHP Code: function set_ta_value($field, $tv = NULL)
03-19-2015, 03:07 PM
(This post was last modified: 03-19-2015, 03:11 PM by silentium. Edit Reason: changed last paragraph ) (03-19-2015, 11:05 AM)Wouter60 Wrote: @Silentium: thanks! Now I understand why the textarea has html tags and also html entities (when I look at the html source in my TinyMCE editor). You are correct, I forgot that you can also use it to re-populate the form fields. I believe that is why CI2 checked if a field had already been escaped or not. However, you should still be able to use it since you can set the third parameter to FALSE to make set_value() to not escape the data.
This must be a fairly recent change, I ran into this today after changing to the "CodeIgniter-3.0rc3" system from a Jan 2015 3.0.0 "CodeIgniter-develop" system.
This info needs to go in the upgrade documentation too as it's a backward compatibility breaker. http://www.codeigniter.com/userguide3/in...e_300.html |
Welcome Guest, Not a member yet? Register Sign In |