Welcome Guest, Not a member yet? Register   Sign In
Apostrophes getting converted to html entities


I'm having trouble with form validation with data that includes an apostrophe - it gets converted to an html entity.

The validation I'm using:


If, for example, I enter "O'Reilly" in that field, it shows up as


in the DB.

Any advice appreciated.

Yes, and it's correct, because of SQL Injection (to protect your DB). If you want to stop replacing this, try to remove 'xss_clean' from rules (but it's security risk).

I realise it's part of sanitising the data via xss_clean, but I need to export the table into an csv file to be opened by Excel, so would prefer the apostrophe handled differently rather than converted to an html entity, e.g. using mysql_real_escape_string();

Trying to find the xss_clean function in the source.

You can make custom function to get it back:

function deentities($input)

$entities = array("'");
$strings = array("'");

return str_replace($entities, $strings, $input);


True, thanks Tominator. I haven't got to the export to csv part yet, but I assume I can run your replace suggestion on the whole csv string/array.


Thanks noctrum.

Theme © iAndrew 2016 - Forum software by © MyBB