Simple quote in form

[eluser]flaburgan[/eluser]
Hi,
I have a problem with the form validation rules :
I use xss_clean and htmlspecialchars but when a user enters a text with simple quote, they are'nt escaped... Someone knows why ? Is there another rule to use to fix this problem ?

Thanks

Ps: excuse my english, I'm french...

[eluser]Sbioko[/eluser]
Don't use htmlspecialchars. CI will do it for you.

[eluser]flaburgan[/eluser]
it's done automaticlly by CI ? Then why does this rule exist ?

[eluser]Sbioko[/eluser]
It is needed in case when you turned off auto xss cleaning.

[eluser]flaburgan[/eluser]
Ok, thanks.
And what about the simple quote ?

[eluser]Sbioko[/eluser]
So, when you removed this rule, it still does not working? Try to remove both rules and turn auto xss protection on.

[eluser]flaburgan[/eluser]
I keep this rules for the input "username" : trim|required|min_length[5]|max_length[12]
And i put $config['global_xss_filtering'] = TRUE; into config.php.

But when I try to register with "It's me", the ' is always here...

[eluser]Sbioko[/eluser]
Oh, this is absolutely correct! If you want to remove all simple quotes do the following operation:

Code:

$username = str_replace('\'', '', $username);

[eluser]flaburgan[/eluser]
Alright, excuse me, I thank xss_clean did that..
Thanks

[eluser]Sbioko[/eluser]
A for what you excuse? :-) Glad to help!