Converting User Entered Content so it Validates
#1

[eluser]JamesTaylor[/eluser]
What is the best practice for translating characters entered by a user via an input form to valid HTML characters? i.e.
Code:
'&' becomes '&amp;'
and therefore passes W3C validation.

So far I see there are two methods, htmlentities and htmlspecialchars - which is most commonly used?

I appreciate that htmlentities converts all characters which have an HTML equivalent, whereas htmlspecialchars converts only a handful, but I don't understand why one would be used rather than the other at the moment?

Also, whilst on the subject, at what point is it suggested that the translation occur?

At the moment the form is completed by the user, it is submitted to the controller where it is validated and, if it passes, the various fields are entered into the array for insertion into the DB.

I am currently planning on translating the characters as they are passed to the array... is this acceptable, or is it preferable to convert at a different stage of the process? I guess I'm wondering this with one eye on security.

My code at the minute is:

Code:
$this->load->library('form_validation');
//Setting Validation Rules - in order of: Field Name - Error Message - Validation Rules
$this->form_validation->set_rules('Title', 'Title', 'trim|required');
$this->form_validation->set_rules('Desc', 'Announcement', 'trim|required');
$this->form_validation->set_rules('Day', 'Day', 'trim|required|numeric|max_length[2]');
$this->form_validation->set_rules('Month', 'Month', 'trim|required|numeric|max_length[2]');
$this->form_validation->set_rules('Year', 'Year', 'trim|required|numeric|exact_length[4]');
$this->form_validation->set_rules('ID', 'ID', 'trim');

//If Validation Fails - redisplay the form
if ($this->form_validation->run() == FALSE)
{
    $this->index();
}
//Validation Passed
else
{
    $Day   = $this->input->post('Day');
    $Month = $this->input->post('Month');
    $Year  = $this->input->post('Year');

    //Build the date string from the three validated fields
    $this->data['Date'] = "$Year-$Month-$Day";

    //Row for the model - Title and Desc are HTML-encoded here, before storage
    $data = array(
        'Title' => htmlspecialchars($this->input->post('Title')),
        'Desc'  => htmlentities($this->input->post('Desc')),
        'Day'   => $this->input->post('Day'),
        'Month' => $this->input->post('Month'),
        'Year'  => $this->input->post('Year'),
        'Date'  => $this->data['Date'],
        'ID'    => $this->input->post('ID')
    );

    $this->load->model('Admin/815/Announcements_Model');
    $this->Announcements_Model->Insert($data);
    $this->InsertSuccess();
}

Any advice would be much appreciated as I'm still relatively new to CI and programming in general, so lots to learn and understand, but I want to make sure I'm doing things in a correct fashion and not learning bad habits!

Thanks

James
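The following is an added example and is not code from the original post or from CodeIgniter. It shows the practical difference between htmlspecialchars() and htmlentities() on a constructed sample input, and why the escaping belongs in the view, at the point where the string is written into HTML, rather than in the controller before the row is stored: a value escaped before storage and then (correctly) escaped again on output comes out double-encoded, and the same stored value cannot be reused for a non-HTML context such as JSON or a plain-text e-mail. The helper names (escapeHtml, renderAnnouncement and so on) and the sample input are assumptions made for the example.

```php
<?php
// Added example, not code from the original post. Contrasts
// htmlspecialchars() with htmlentities() and shows why escaping should be
// applied when a value is written into HTML, not when it is stored.
declare(strict_types=1);

// Constructed sample input, as a user might type it into the Title field.
const USER_INPUT = "Tom & Jerry's <b>\"Café\"</b> <script>alert(1)</script>";

// Escape for an HTML text node or a quoted attribute value. The flags matter:
// ENT_QUOTES also converts the single quote (needed inside single-quoted
// attributes), ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an
// empty string, and the explicit charset stops PHP from guessing.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Same contract, but every character that has a named entity is converted
// too (for example "é" becomes "&eacute;"). That is only needed when the page
// is not served as UTF-8; otherwise it just bloats the rendered text.
function escapeHtmlEntities(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The value as it should be stored: unchanged. The raw text can later be
// rendered into HTML, JSON, plain-text e-mail or CSV, each with the escaping
// that context needs. SQL safety is a separate concern handled by bound
// parameters (CodeIgniter's query builder does this for insert()).
function valueToStore(string $raw): string
{
    return $raw;
}

// Rendering an announcement row into a view. Escaping happens here, once,
// at the boundary where the string becomes HTML, for both the attribute and
// the text node.
function renderAnnouncement(array $row): string
{
    return '<h2 title="' . escapeHtml($row['Title']) . '">'
         . escapeHtml($row['Title']) . '</h2>'
         . '<p>' . escapeHtml($row['Desc']) . '</p>';
}

// What goes wrong when the value was already escaped before storage and the
// view escapes again: "&" ends up as "&amp;amp;" and the page shows "&amp;".
function doubleEncoded(string $raw): string
{
    $storedEscaped = escapeHtml($raw);   // escaped too early, in the controller
    return escapeHtml($storedEscaped);   // escaped again, correctly, in the view
}

// If a database of pre-escaped rows already exists, htmlspecialchars_decode()
// reverses the first pass so the rows can be stored raw from then on.
function recoverFromEarlyEscape(string $storedEscaped): string
{
    return htmlspecialchars_decode($storedEscaped, ENT_QUOTES | ENT_HTML5);
}

$row = [
    'Title' => valueToStore(USER_INPUT),
    'Desc'  => valueToStore('Starts at 9 & ends at 5'),
];

echo renderAnnouncement($row), PHP_EOL;      // safe: the <script> tag is inert text
echo escapeHtmlEntities(USER_INPUT), PHP_EOL; // same, but "é" is now a named entity
echo doubleEncoded('Tom & Jerry'), PHP_EOL;   // the double-encoding problem
echo recoverFromEarlyEscape(escapeHtml(USER_INPUT)) === USER_INPUT ? 'round-trip ok' : 'mismatch', PHP_EOL;
```

Run it with `php example.php`. The practical rule it illustrates: keep the stored value raw, validate it in the controller (as the form_validation rules already do), and call htmlspecialchars() with ENT_QUOTES and an explicit UTF-8 charset wherever the value is printed into a page. htmlentities() only adds conversions for characters that a correctly declared UTF-8 page can display as-is, so htmlspecialchars() is the one normally used.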
#2

[eluser]JamesTaylor[/eluser]
bump... anyone care to offer me some advice?



