form data and output
#1

[eluser]Treeda[/eluser]
Hey guys,

maybe a stupid question, but how do you handle outputting user-entered data?

for example, a user enters data, and you all put that stuff through validation.
but anyway, for security reasons, if you read some data from the database which was previously entered by a user, you should put htmlentities around the data before you output it.

how do you handle that? is there a way CodeIgniter can help here?

in my old developments I've always implemented a function of my own which can do a normal htmlentities on a string but can also walk recursively through an array (in case I want to output a whole row to a template)

I'm really eager to see how others handle that.
#2

[eluser]TheFuzzy0ne[/eluser]
I use set_value() to populate my forms. It accepts a second parameter, which is the default value to be displayed if the post array is empty. I've overridden the set_value() function (defined in ./system/helpers/form_helper.php) with the function below.

./system/application/MY_form_helper.php
Code:
<?php

// Override of the form helper's set_value(): same behaviour as the native
// function, but every value is passed through form_prep() so that quotes
// and angle brackets are escaped before they land in a form field.
function set_value($field = '', $default = '')
{
    // No validation object available: fall back to the raw $_POST array.
    if (FALSE === ($OBJ =& _get_validation_object()))
    {
        if ( ! isset($_POST[$field]))
        {
            return form_prep($default); # form_prep the default value.
        }

        return form_prep($_POST[$field]);
    }

    // Validation object present: let it pick the value, then escape it.
    return form_prep($OBJ->set_value($field, $default));
}
#3

[eluser]Treeda[/eluser]
that's what I do with my forms too, but what I meant is how do you prepare your data if you show it not in the form?

I think the entered data should also be displayed somewhere else?
#4

[eluser]TheFuzzy0ne[/eluser]
I'm sorry. I don't think I understand the question.
#5

[eluser]Treeda[/eluser]
let's take a news script for example.

The user enters something into a form and this data will be written to a MySQL database.
On another page the data is read from the database and written as output;
you have to encapsulate the data with htmlentities before you output it to the website (client) to avoid destroying your layout, for example, or even worse things :-)
#6

[eluser]TheFuzzy0ne[/eluser]
I'm not sure what you were hoping for, but I'd just use html_entities on the data as you suggested. I can't see how CodeIgniter can help here.
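As an added example (not code posted in this thread), here is the kind of helper Treeda describes in #1 and #5: it escapes a string, or walks an array recursively so a whole database row can be handed to a view already escaped. The sample row is constructed for the example; the function name html_escape_deep is an assumption, not a CodeIgniter helper.

```php
<?php
// Added example, not part of the thread. Escapes a string, or every string
// inside a (nested) array, for safe output in HTML. Escaping is done at
// output time, so the stored data stays unmodified and is never escaped twice.
function html_escape_deep($data, $charset = 'UTF-8')
{
    if (is_array($data)) {
        $out = array();
        foreach ($data as $key => $value) {
            $out[$key] = html_escape_deep($value, $charset);
        }
        return $out;
    }
    if (is_string($data)) {
        // ENT_QUOTES also escapes single quotes, so the value is safe inside
        // attribute values delimited by either quote style.
        return htmlspecialchars($data, ENT_QUOTES, $charset);
    }
    // ints, floats, bools and null carry no markup; pass them through.
    return $data;
}

// Constructed sample row, standing in for a news record read back from MySQL.
$row = array(
    'id'    => 7,
    'title' => '<script>alert("news")</script> Today\'s headline',
    'body'  => 'Read "more" at <a href="http://example.com">example</a>',
    'tags'  => array('php', '<b>bold</b>'),
);

$safe = html_escape_deep($row);

// The escaped row renders as literal text instead of being parsed as markup.
echo '<h1>' . $safe['title'] . "</h1>\n";
echo '<p>' . $safe['body'] . "</p>\n";
echo '<ul>';
foreach ($safe['tags'] as $tag) {
    echo '<li>' . $tag . '</li>';
}
echo "</ul>\n";
```

htmlspecialchars() is sufficient here because only the markup-significant characters need escaping; htmlentities() additionally converts every character that has a named entity, and with a mismatched charset argument it can mangle non-ASCII text.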