Textarea and converting entities |
I have a textarea that uses TinyMCE but have tested this with just the normal textarea. When I submit the form the first time with the following line
Code: <p>testing</p> it saves that to the database without a problem, but say I updated another field in the form and do not touch the page content text area it saves this. Code: <p><p>testing</p></p> The only form validation rule being applied is trim as well. PHP Code: <div class="col-md-10">
I guess you can use PHP's htmlentities() function:
PHP Code: <?php echo form_textarea($inputs['PAGE_CONTENT'], set_value('PAGE_CONTENT', htmlentities($row->PAGE_CONTENT))); ?> Website: http://avenir.ro
(02-03-2015, 02:23 PM)Avenirer Wrote: I guess you can use PHP's htmlentities() function: When i took out the set_value() function from the form_textarea(), I would get the correct values sometimes and other times they wouldn't show up. Do you know if I should be using the set_value() function at all for the form_textarea() function or would it just be easier to not use the helper for the text area and just use plain HTML and echo out the value inside of a text area html tag. Also for anyone reading this now. How should I store HTML from the WYSIWYG editor in the database. Should i be running it through any of Codeigniter's form prep/validation rules or any other PHP functions or is storing plain HTML OK.
No WYSIWIG editor is made to work specifically with CodeIgniter. That being said, you should follow their instructions without using CI-specific form functions.
I had this exact same problem when I wrote the CodeIgniter Form Validation Plugin for BootPress. I took me a long time to figure out what was going on, but basically form_prep() is being called twice so it is encoding the entities twice. That is why you can save it fine in a database the first time, but then it is all screwed up the second time around. CodeIgniter 2.x used to check if the value had been prepped before in a convoluted sort of way, but they removed that in CodeIgniter 3.x without any supporting documentation that I have run across. They also added stripslashes() and removed htmlspecialchars() for no apparent reason. The solution is to create a form_helper.php file in your application/helpers folder with the following:
PHP Code: <?php We have a static $prepped array that ensures we don't double prep any values, and obviously I think the $is_textarea parameter is superfluous. You can have html entities in any form field, so why only escape them in textareas? This has been working perfectly for me, and I create a lot of forms. I think CodeIgniter should change this before they release 3.0 officially. Maybe I should tell them that. (Sorry, I can't get the htmlentites to display correctly, so do not copy and paste the above. Copy and paste from GitHub instead.)
Maybe you should check first if it hasn't already been changed ... your post is based on outdated code.
But anyway, the thing is, set_value() should not be used with form_prep() in the first place, nor should any HTML-encoded data be saved to a database (you database doesn't know HTML) and lastly - no generic third-party tool is designed to work specifically with CI, so you shouldn't use CI helpers to integrate it.
You're right. Thanks for pointing that out to me Narf. It looks like form_prep() is just an alias for html_escape() which is just an alias for htmlspecialchars(), but the $double_encode is still set to TRUE by default every time it is called by the helpers, so perhaps that is the problem egall8 is experiencing?
|
Welcome Guest, Not a member yet? Register Sign In |